This is such a great music service but I’m wondering who is behind it and why they provide it? It must be costing them something to host the site. Interesting that Cloudflare stats show its biggest user base is India.

  • BlueRingedOctopus@lemmy.dbzer0.com · English · 7 upvotes · 14 days ago

    It gives you literal FLAC files, how are they gonna be malicious!?

    People need to stop overanalyzing things, it's just a Qobuz ripper, people who want to help the community provide them with Qobuz tokens that don't expire as often as Deezer, now they just rip from Qobuz on your request, as simple as that. Firehawk is also building a similar site from scratch.

    • chirping@infosec.pub · English · 1 upvote · 2 days ago

      Well, it's both possible and has been done, both with MP3s and FLAC, not too long ago. It's not the format itself, but rather the applications parsing the files that are the target.

      CVE-2023-37327: A remote code execution vulnerability in GStreamer's FLAC file parser caused by an integer overflow. Carefully crafted FLAC files could exploit this flaw to run arbitrary code on the target system.

      https://nvd.nist.gov/vuln/detail/CVE-2023-37327

    • Coopr8@kbin.earth · 7 upvotes, 1 downvote · 14 days ago

      I mean, a website where you make requests to download many files is pretty ripe for a bait-and-switch scenario. That said, I'm looking for more cybersecurity-savvy folks than myself to chime in with the all-clear after doing some actual checks and analysis.
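An added example, not part of any comment in this thread: a structural check that a downloaded file really is a FLAC container and that each metadata block's declared length fits inside the file. The function name and the sample byte strings are constructed for illustration; passing this check does not show a file is free of parser exploits such as CVE-2023-37327, it only catches a swapped file type or inconsistent block headers.

```python
# Constructed FLAC container walker; all names and samples are illustrative.
BLOCK_NAMES = {0: "STREAMINFO", 1: "PADDING", 2: "APPLICATION", 3: "SEEKTABLE",
               4: "VORBIS_COMMENT", 5: "CUESHEET", 6: "PICTURE"}

def inspect_flac(data: bytes):
    """Return (blocks, findings) for a byte string claimed to be FLAC."""
    blocks, findings = [], []
    if data[:4] != b"fLaC":
        return blocks, ["missing fLaC magic: not a FLAC stream"]
    pos, last = 4, False
    while not last:
        if pos + 4 > len(data):
            findings.append(f"truncated block header at offset {pos}")
            return blocks, findings
        # Header: 1 bit last-block flag, 7 bits type, 24-bit big-endian length.
        last, btype = bool(data[pos] & 0x80), data[pos] & 0x7F
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        name = BLOCK_NAMES.get(btype, f"RESERVED({btype})")
        blocks.append((name, length))
        if btype not in BLOCK_NAMES:
            findings.append(f"reserved/invalid block type {btype} at offset {pos}")
        if len(blocks) == 1 and (btype != 0 or length != 34):
            findings.append("first block is not a 34-byte STREAMINFO")
        if pos + 4 + length > len(data):
            findings.append(f"{name} declares {length} bytes but file ends first")
            return blocks, findings
        pos += 4 + length
    # Audio frames begin with a 14-bit sync code: 0xFF, then 0xF8 or 0xF9.
    if not (len(data) >= pos + 2 and data[pos] == 0xFF and data[pos + 1] & 0xFE == 0xF8):
        findings.append(f"no frame sync after metadata at offset {pos}")
    return blocks, findings

def _block(btype, body, last=False):
    """Build one metadata block for the constructed samples below."""
    return bytes([(0x80 if last else 0) | btype]) + len(body).to_bytes(3, "big") + body

# Constructed samples: a well-formed skeleton, a block whose declared length
# runs past the end of the file, and a different file type renamed to .flac.
GOOD = b"fLaC" + _block(0, bytes(34)) + _block(4, bytes(8), last=True) + b"\xff\xf8" + bytes(16)
BAD_LEN = b"fLaC" + _block(0, bytes(34)) + b"\x86\xff\xff\xff" + b"abc"
NOT_FLAC = b"MZ\x90\x00" + bytes(60)

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad_len", BAD_LEN), ("not_flac", NOT_FLAC)):
        print(label, inspect_flac(sample))
```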