YouTube MP3 Converter Loses Court Battle But The Music Plays On

image

I am going to post this article here from TorrentFreak mainly because this is the site I have recommended to convert mp3’s in my article How to Download Free Music on the BlackBerry PlayBook and BlackBerry 10.

One of the world’s largest sites dedicated to converting YouTube videos to downloadable MP3s has lost a court battle with representatives from the music industry. YouTube-MP3, a site that was also threatened by Google in 2012, agreed to cease and desist from its current mode of operation after it was revealed it was not only ripping music from YouTube, but also archiving the MP3s for future download. Despite the loss, the site remains online – legally.

In addition to obtaining music from file-sharing networks, those looking for free tracks often get them from so-called tube-rippers, sites and services that transform YouTube videos into downloadable MP3s.

These tools are available in several formats including desktop packages, apps for mobile devices, and more commonly browser-based tools. In mid-2012 YouTube owners Google, believed to be under pressure from the music industry, started to make life more difficult for web-based YouTube converters and some cases issued threats to sue.

While some sites decided to shut down, many others continued business as usual, including the German site YouTube-MP3, one of the largest YouTube ripping services around with around 30 million visits per month. The site has long insisted that it has a right to provide ripping services but having fought off Google it recently found itself up against fresh adversaries.

Three music companies under the umbrella of industry group BVMI challenged YouTube-MP3′s assertion that it operates legally and sued it in the Hamburg District Court. The companies said that while YouTube-MP3 claimed to be offering only a rip-and-download service, there were serious technical issues behind the scenes that rendered the site in breach of copyright law.

YouTube-MP3 claimed that users of its service could enter the URL of a YouTube video and have the site convert and churn out an MP3 for download. Apparently, however, that wasn’t always the way it worked. Once a video had been converted to MP3, that audio was stored on YouTube-MP3′s servers. If another user subsequently entered the same YouTube URL, no conversion or ripping was carried out. They were simply handed a copy of the previously stored MP3 for download.

In a statement sent to TorrentFreak, BVMI said that this was a clear breach of copyright law.

“Contrary to the common assumption that YouTubeMP3 is a streamripper that allows users to record songs from the Internet (much as cassette recorders were used to record music from the radio back in the day), in fact the online converter often simply made the pieces available for download without a license,” BVMI said.

BVMI said that by the time the case had arrived in court last month the owner of YouTube-MP3 had already signed cease and desist declarations and agreed to refrain from reproducing and distributing copyright content.

“The current case provides deep insights into the workings of so-called ‘recording services’
and exposes a trick that not only hoodwinks the rights owners but also misleads the users of
these services,” said BVMI Managing Director Dr Florian Drücke.

“Under the guise of private copying [YouTube-MP3] deceives people into thinking that
everything is above-board, even though the user – unwittingly – avails himself of an illegal download platform. We have for some time pointed out that the vague definition of ‘private copies’ encourages cat-and-mouse games in matters of streamripping, so a clarification at the political level is needed here.”

With the signing of the declarations the Hamburg District Court considered the case closed but ordered YouTube-MP3 to pay everyone’s costs.

TorrentFreak contacted the site’s owner for a comment but as yet we’ve received no response. Presumably life at YouTube-MP3 will continue, but without storing converted MP3s for subsequent download. The end result, of course, is that users of the site will still get ripped MP3s just as they did before, a point not lost on BVMI.

“One thing is clear: this platform, as well as most other streamripper sites, generate considerable advertising income that is not shared with the artists or their partners. This has nothing to do with fairness, nor does it fit with our current digital age, when many music sites – some of them free – can be used perfectly legally on the Internet,” BVMI conclude.

Source: TorrentFreak

Advertisements

Apple iOS apps subject to man-in-the-middle attacks

image

HTTP Request Hijacking attack said to be simple to do against Apple IOS apps

Network World – Many Apple iOS applications are vulnerable to a man-in-the-middle attack that can result in permanent manipulation by the attacker, according to start-up Skycure, which released its research findings on this today during the RSA Europe conference.

Skycure CTO Yair Amit says many mobile iOS apps are vulnerable to a “very simple attack that relies on the 301 HTTP Response, a permanent re-direction.” If an Apple iOS app can cache these so-called 301 HTTP Re-Direct Response requests — and many popular iOS apps do, according to Skycure — then the app is vulnerable to being repeatedly hijacked via re-direction to the attacker’s server.

While this general type of man-in-the-middle attack has been known on the Web for many years, for mobile applications the result is worse in that it “persistently changes the URL” of the server and lets the attacker take dynamic control over the app, says Amit. In the information that Skycure is publishing today, the company notes the impact of the attack is basically that instead of loading data from the real site that the user wants to visit, the attacker can make the app permanently load the data from the attacker’s site.

Skycure isn’t releasing the names of the vulnerable iOS apps because this issue hasn’t necessarily been fixed. Amit says according to Skycure’s research, a significant portion of apps available through the official Apple App Store could be attacked this way. The problem is not a vulnerability in iOS itself but a coding weakness on the part of the developer.

Skycure says “HTTP Request Hijacking” of Apple iOS mobile devices such as iPhones and iPads starts with a man-in-the-middle attack, which would typically commence in a public WiFi zone, such as in a coffee shop.  While a type of attack like this has been known to happen on the Web between computer-based Web browsers and Web servers for quite some time, the way a similar attack works on mobile devices hasn’t yet been subject to much scrutiny, says Amit.

He adds the implication of such an attack on news or financial information received through iOS devices is troubling.
“In a mobile application, it changes the application,” he says, adding “there’s no easy way to remove the problem.” But Skycure believes there are a number of steps that app developers can take to remediate or mitigate against it.

Among them are making sure the app doesn’t cache a 301 HTTP Re-Direct Response for re-direction. Another is to make sure the mobile device interacts with a designated server via an encrypted protocol, such as HTTPS, instead of HTTP. “If you want your application to behave differently with a server, just release an update,” he suggests. Making changes to apps to correct for this may be somewhat disruptive to the end-user, he adds.

The HTTP Request Hijacking attack on iOS that Skycure has identified may also exist in Android or other mobile-device platforms, but Skycure currently puts its focus primarily on Apple iOS. Skycure believes one danger in this type of man-in-the-middle attack on mobile devices is that it is much less visible to the victimized end-user than the more traditional computer-based form of the attack.

Source: Network World