Indictment Highlights File-Sharing Risks
Bomarc writes "Via the KOMO-TV website, an article from the Associated Press about how Gregory Thomas Kopiloff used Limewire, Soulseek and other peer-to-peer file-sharing programs to troll other computers for financial information, which he used to open credit cards for an online shopping spree, according to a four-count indictment unsealed in US District Court on Thursday. The news article isn't big on details, but it does outline the risks with peer-to-peer file-sharing programs."
Filesharing isn't a risk (Score:5, Insightful)
however poorly configured software is, whether it's MSIE or OpenSSH or SMB if they are poorly configured you will get bitten
anyway this smells like another "OMG p2p teh evill!!!" anti-p2p propaganda
Re: (Score:2)
I couldn't be bothered myself. It always seemed like far too much effort when I could just, y'know, listen to the radio or rip from streams.
Re: (Score:2)
Re: (Score:2)
They send ebooks and programs over the radio where you live ? Cool.
Re: (Score:3, Informative)
Re: (Score:2, Insightful)
Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client. As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the
Re: (Score:2)
"Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client."
The same can be said for Windows. Now why doesn't slashdot give it as fair a shake as it does P2P?
There's a difference between configuration problems and actual security vulnerabilities like buffer overflows and such. This article is making it sound like there are actual vulnerabilities in the P2P app, rather than people just being dumb and configuring it to share their entire C drive or something. That can be fixed by a little user education. An actual vulnerability would require a patch to fix.
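The configuration mistake discussed in this thread (a share that covers a whole drive or home directory, or a narrow share that still holds tax returns, resumes or password lists) can be checked locally before a client is started. This is an added example, not part of the original thread or of any P2P client; `audit_share`, the name patterns and the sample tree are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed name patterns, taken from the kinds of files the thread mentions.
SENSITIVE_SUFFIXES = (".tax",)
SENSITIVE_WORDS = ("resume", "password", "bank")

def audit_share(share_root, home=None):
    """Return sorted (kind, detail) findings for one shared folder."""
    root = Path(share_root).resolve()
    home = Path(home).resolve() if home else Path.home().resolve()
    # A drive root, the home directory, or any parent of it exposes everything;
    # report that and stop, since the fix is to narrow the share itself.
    if root == Path(root.anchor) or root == home or root in home.parents:
        return [("too-broad", str(root))]
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(SENSITIVE_SUFFIXES) or any(w in lower for w in SENSITIVE_WORDS):
                rel = Path(dirpath, name).relative_to(root)
                findings.append(("sensitive-file", rel.as_posix()))
    return sorted(findings)

def demo():
    # Constructed sample tree standing in for a user's home directory.
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp, "home")
        shared = home / "Shared"
        (shared / "docs").mkdir(parents=True)
        (home / "Documents").mkdir()
        for p in (shared / "song.mp3", shared / "2006_return.tax",
                  shared / "docs" / "passwords.txt",
                  home / "Documents" / "Resume.doc"):
            p.write_text("constructed sample")
        # First call: a dedicated share folder; second: the whole home directory.
        return audit_share(shared, home), audit_share(home, home)

if __name__ == "__main__":
    for result in demo():
        print(result)
```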
Re: (Score:1)
I'm sure that if someone released a Napster-style P2P app that defaults to sharing the entire contents of your hard drive, many people would praise it for having so many files available. People don't bother, they just install the program and within seconds they're playin
Re: (Score:2)
I'm sure that if someone released a Napster-style P2P app that defaults to sharing the entire contents of your hard drive, many people would praise it for having so many files available.
Right, and that would be a problem with the default settings of the application, and something that the app creator should address. A problem similar to the default password situation that Microsoft used to have with SQL Server, or that Linksys has with their home wireless routers. However, if the person decides to change the default to share their entire drive, that's not a problem with P2P software, it's a problem with the user and should be presented as such. This article doesn't even attempt to addr
Re: (Score:1)
If you buy a car, whose locks can be opened by every key issued by that auto maker, you won't know until someone drives off with your car; and even then, you might assume they just used the good ol' slim jim then shorted your starter. You won't realize your car is vulnerable until an "expert" finds out and tells you, in simple terms, why your car sucks.
Same thin
Re: (Score:1)
try .tax (Score:5, Informative)
I would never recommend viewing such information or committing any crimes, but it's interesting to see one IP address with tens or hundreds of tax returns shared. If you hire an outside tax preparer, be aware!
Imagine - your SSN, name, address, a list of banks that have paid you interest, a list of stocks that you own, your taxable income and amount of tax paid (which the IRS uses as proof that you are who you say you are, if you perform an online inquiry), etc.
And the victim doesn't even realize that their PAID PREPARER is sharing the information with the world! No lie! There are hundreds available every April!
PS, Don't try to call any of the individuals and tip them off - they have a tendency to shoot the messenger!
Re: (Score:1)
SMB? Super Mario Brothers is NOT poorly configured software!
Well, if you're going to share your financial info (Score:2)
(I know, I know, uneducated users, sharing C (or
Off to get myself that PS3 I'd never spend my hard earned dollars on....
Re:Well, if you're going to share your financial i (Score:1)
Re: (Score:2)
I had a mental image of someone running Windows as Administrator installing Kazaa, Limewire, whatever the p2p 1337 app of the week is, and manually sharing out their whole drive. Of course it's not okay to just abuse things, and there *should* be a reasonable level of security in keeping data on your computer.
That said, a computer should be operated as non-uid=0, and only switch when critical tasks MUST be done, but hey...that still wouldn't fix this. If I run a file shari
Re: (Score:2)
Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has. My gripe really was with blaming the victim in that instance though, well, even if it is a joke. No worries, though.
Re: (Score:2)
Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has.
Articles like this one don't do anything to improve the situation though. Instead of telling people that they shouldn't share their entire hard drive with their P2P app, and explaining how to prevent that from happening, it just goes off and rants about how P2P apps are so dangerous and they're stealing your data and letting anyone get all your files! Makes me wonder who's behind this story...
Re:Well, if you're going to share your financial i (Score:1)
Well if you're going to share C:\ expect bad things. (Score:2, Insightful)
Why? (Score:1)
Re: (Score:1, Informative)
Because there's more good music available on Soulseek; you can see the bitrate before you download it; you can talk to users in rooms about the music first; you can download the same album from more than one person for speed; you don't end up waiting in vain for the last 6.9% of a torrent; you can ban leeches; it's trivial to upload your own music (I have no idea how to share something via BitTorrent - I think I have to read stuff and run programs etc = very boring. Perhaps
My way (Score:5, Funny)
Gets 'em every time.
Re: (Score:2)
Gets 'em every time.
It's great if you are doing that on a Linux machine with an SMB share called c:\. You could keep them busy for hours if you seeded the share properly. Include lots of links to your PayPal account, Bank of America, Barclays,
Re: (Score:2)
You really should see a doctor.
Search for 'Resume' (Score:5, Interesting)
Fun times.
Re:Search for 'Resume' (Score:4, Interesting)
Yeah, we used to do this on a college file-sharing network. We'd search for files that were on the root of the drive, like "io.sys", and find all the people who were sharing their entire hard drives. Then we'd root through their documents and find compromising pictures of them and make fun of them in the main chat, usually followed by the advice "STOP SHARING YOUR ENTIRE DRIVE."
There was also a correspondence between assigned IPs and the different dormitories, which was apparently easy enough to figure out, with the result that the ops often freaked out new users by telling them where they lived.
Re:Search for 'Resume' (Score:4, Interesting)
It was just a 'dumb' spider so it went everywhere it could.
jpg would turn up 'private' party pictures. docs would turn up resumes and homework solutions... those were the days.
And we did the same thing you did. Anyone sharing everything would get a nice desktop text file "README".
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Rights at stake (Score:1)
As far as I can tell, there are many ways to mine for personal information on the internet that do not require the use of P2P sharing programs. In this case, should the usage of the internet as a whole be deemed unlawful?
Old-fashioned Security (Score:1)
Re: (Score:2)
Just be careful where you throw that paper plane
Sorry, sorry.
Re: (Score:1)
equally amusing (Score:1)
This woman sure adds some emotions to her wordings! It's not like she's added any media spin! [usdoj.gov] never! [nwsource.com]. Sheesh. This woman must be aiming for a job with Microsoft. From the last link I just provided: "We know that Robert Soloway is one of the most prolific spammers in the world," Wa
Re: (Score:1)
equally wrong (Score:2)
Perhaps, but it's overkill. Just change your email address and remove the catch-all. Once you've done that, don't publish in plain text.
WTF? that won't even help since the domain will be looked up and converted to the IP address.
I think what is more accurate (assuming the software only shares what you tell it) is "you're giving criminals
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
From the "never!" link you posted.
"It's estimated that 80 percent of the traffic on the Internet is, in fact, spam."
http://arstechnica.com/news.ars/post/20070903-p2p-responsible-for-as-much-as-90-percent-of-all-net-traffic.html [arstechnica.com]
There we have "P2P responsible for as much as 90 percent of all 'Net traffic"
I'm not saying that this guy did not deserve this, but I do think about how much more information that might
Re: (Score:2)
Re: (Score:1)
It outlines something... (Score:3, Insightful)
Re: (Score:2)
There's an idiot born every .00013 seconds! Grrr! (Score:2)
Y/N: N
Share your files to [INSERT]
Y/N: Y
HAH! TRICK QUESTION! AYBABTU!
*SCHLORP!*
Seriously, this reminds me of morons who used to share their entire hard drives out to file sharing apps.
I remember seeing printouts of people's password lists, even full bank account and investment broker information, complete with contact info, and all the personal ID data, etc. All found by people trolling the network for more than just MP3s.
Accessing a protected computer? (Score:1)
I can understand the other charges, but accessing a protected computer? I'd think it would be reasonable to assume files that are found on a p2p network are meant to be shared. IANAL, but if he gets convicted for that, wouldn't that allow an "I'm sorry, I never meant to share these mp3's" defense in most, if not all, of the RIAA cases?
Re: (Score:2)
P2P isn't the danger for your security (Score:3, Insightful)
Unfortunately, exactly that conclusion is very hard to understand by stupid people.
Don't want to learn? No problem. Nobody is forced to be "on the internet". Nobody is being forced to put their private information into their computer. You can live without either.
But don't blame technology for your stupidity. Do you call your car dangerous and evil if you're too stupid to see the difference between the funny things down there that ruin your shoes (aka pedals)?
Just to get a car analogy into it again...
Re: (Score:1)
Media Company, look at this (Score:1)
If the price / convenience / value ratios make you the best source for your product, people will scramble to get it from you. For money even! Back it up with an ad campaign reinforcing how safe and accessible you are and I guarantee you won't lose.
I wish I was a m
The value has reached zero (Score:2)
No, the crash is going to come pretty soon I think. Anyone "selling" music is doomed, as is their entire infrastructure. If you create graphics for bands who pay you from music sales, better find a new job. If your job is supplying plastic for jewel cases used by CD
Re: (Score:2)
Last time I checked, RECORD COMPANIES make money from CD sales. BANDS make money from live shows and merchandise. There are a few big name exceptions to this, but for the average "known only to college students that think they are hip" bands, they make squat from CDs.
So, expect RECORD COMPANIES to collapse. (Which is a good thing, as they, along with the classic buggy whip makers are outdated.)
I know about 5 bands that are very small, play live a bit, and released their o
Re: (Score:2)
Supporting the artist is why I do it.
See, the music has value to me in that I want to hear it, and I want to support the people who produce the music I want to listen to. That way, they'll make more of it. Cause otherwise, all that's left is Britney and whatever other dreck is in the charts.
I can't stand the *AA's either, but the people who actually produce music, do produce something which has
Sue the programmers! Seriously.... (Score:2)
In other words, the programmer of the P2P software is at fault for allowing his program to default into a dangerous state! The P2P program should be forcing the user to create a new and specific folder on the hard disk for files that will be shared. Then t
No Accident (Score:2)
I'd go further and say that in at least some cases automatically sharing everything (or at least all media files) is an intentional (mis)feature of the P2P programs. The folks that make these programs often gain from the popularity of their programs either through advertisi
meh (Score:2)
By the by, anyone know if Hotline is still functional and in use?
Re: (Score:2)
http://hotline.tracker-tracker.com/public/ [tracker-tracker.com]
The official client is kinda... clumsy, and since Hotline SW isn't in business anymore, no more updates. But there are a few open source clients and the official client works under XP still.
Re: (Score:2)
risks with peer-to-peer? (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
The problem with the death of the PC is that once that happens, people will be relegated to basically using glorified game consoles for their 'computing'.
DRM and content restrictions will be at the beck and call of the manufacturers and their cohorts/sponsors (RIAA, MPAA, etc.) and our essential freedom of the press will be limited.
I don't see any solid technical reason for thin clients to take precedence. Sun never got anywhere far with them. Power consumption is b
Re: (Score:2)
It's almost there now.
Re: (Score:2)
Listen, as long as there are idiots, no software can be safe.
However much security you build into a software is based on the assumption that an intelligent user will try to break it.
Like the saying goes, fools sometimes rush in and get the job done where angels fear to tread.
Dumb people do stupid dangerous things.
Re: (Score:2)
If the 'entre server' was shared, or the end user was able to even install an application, it's the provider's fault and they should be shut down.
Basic Information security (Score:1)
This is the consumer equivalent of the age-old problem in the corporate world of printing something to the wrong printer, something that resulted in many a red face and more than a few leaks of confidential information. It is an information security problem -- how do you prevent a user from erroneously placing confidential information in an insecure space? The problem is the same whether the insecure space is a printer, an extranet site, or a directory structure shared by a file sharing program.
Systems
stop sharing your c: drive (Score:1)
OK, people, stop sharing your C:\ drive! WTF! You're basically asking for people to steal your stuff then...
Idiot-proof... (Score:2)
To put it another way: Complete dipshits shouldn't be using P2P.
I can live with that.
Filesharing is a great way to back up stuff!! (Score:2, Funny)
2) mv Backup.zip ~/Kazaa/share/Britney&ParisDoAHorse.mpg
3) ??
4) Profit!!
Obligatory bash.org quote (Score:1)
I download something from Napster
And the same guy I downloaded it from starts downloading it from me when I'm done
I message him and say "What are you doing? I just got that from you"
"getting my song back fucker"