Customers normally incur a charge of 79 cents when a music file is copied to a CD or portable music player. This file would then be free from Digital Rights Management (DRM) restrictions that are imposed upon the music before it is purchased.
In light of this discovery, however, customers can obtain the files without DRM protections by using standard tools available on the Internet.
CIS initially reported flaws during day-one of the public beta period, but had found only installation and interface bugs. During additional testing this week, the Yahoo website exposed more serious design problems.
"For a savvy Internet user, the flaws in this music system could make it easier to download the music for free than it is to pay for the same file," said Robert Chapin, President of CIS.
Standard accounts and Internet equipment are being used to pinpoint the cause of the problem. At this time, Yahoo has not acknowledged the CIS security report.
CIS is a small Michigan business with a variety of technology automation activities. CIS has detected major security flaws in public and private networks for banks, schools, computer manufacturers, and open source projects.
More information on this issue will be available soon.