iTunes Security Spoof

By Jon Newton 10/18/05

Fake iTunes Shared Music entries can be created by spoofing fake domain/list names and IP addresses inside an MDNS packet used to broadcast existing lists, says Airscanner Mobile Security Advisory #05101001.

“This spoofing attack can be scripted to post numerous entries to specific or all iTunes users on a network (flooding),” says Seth Fogie, going on:

“By repeated excessive posting of Shared Music Entries, we were able to create a major system load on systems using iTunes.”

Jon Newton

Fogie says the DoS risk is low (“Shared Music anonymous forced disconnect”) and list abuse attacks are merely annoying to iTunes users.

But, “ Shared Music lists from various users can be renamed and swapped, thus creating an environment in which you can't be sure to whom you are connecting.”

Jon Newton is the editor of and is a regular contributer to MP3 Newswire. Jon's site is devoted to the politics of digital music and his insights as well as those of his co-writers can be read there. We urge you to explore it.


The 30GB iPod Video is available on Amazon

Other MP3 stories:
Notes on the iPod Video and selling TV Shoes on iTunes
Thoughts on Apple, Satellite Radio and the Record Industry
FrostWire Beta Online


Back to