It is seriously flawed

Feb 4, 2008 15:52 GMT

The Yahoo! plan to move towards free (if possible), ad-supported music downloads is a reality and a selling point for the company's future. Only one impediment has surfaced so far, namely the vulnerability discovered by Krystian Kloskowski, a Polish security researcher, which might convince Yahoo!ers that the company is not as safe as advertised and make them have second thoughts about the whole deal.

Security experts from Secunia deemed the flaw to be 'extremely critical', the highest rating on the company's five-stage danger scale. Unaddressed so far, it is being actively exploited by hackers, and the malicious code has been made public on the Internet, making it easier for anyone with minimal knowledge of the field to start attacking Jukebox users' PCs.

"Some vulnerabilities have been discovered in Yahoo Music Jukebox, which can be exploited by malicious people to compromise a user's system," Secunia warned on its site.

The result of such an attack is that the hacker conducting it would gain control over the target's PC and turn it into a 'bot' that would attempt additional attacks on other PCs without the owner being aware of it.

Named one of the top 100 products of the year in 2006 by PC World, Yahoo Music Jukebox is a free music management tool that allows its users to play music files, burn CDs and, on top of that, tune in to some Internet radio services. "If you have Yahoo Messenger installed, you can see your friends over the net, keep a history of the songs that have just played, regulate it over a network of multiple computers, and activate the network music feature so all users can listen along," CHIP added to the description. It was rolled out on the 2nd of August 2006 and is actually the old Yahoo Music Engine, renamed and reworked. Not too shabby, until this flaw was discovered.