Peer-To-Victim File Sharing
ShareSniffer is profiled in a SecurityFocus article today. The company has come up with a new and guiltless way to trade MP3s: just use someone else's hard drive. They have a "bevy of lawyers" (bevy, n., a group, esp. of girls or women) who say taking advantage of public Windows shares is perfectly legal. And why not? Clicking "I Agree" without reading a license agreement is legally binding, right? So when you click "Share This Folder," whether you understand its implications or not, you've authorized the world to play with your drive, and have no right to complain.
</devilsadvocate>
No, it's pretty clear cut that what Bob and Joe are doing is wrong. If I leave my garage open and during the day someone decides to take a rake, shovel, or other implements of destruction, or decides to park their VW mini-bus there, that's wrong.
Sure my insurance company isn't going to cover this because it was my fault I left the garage open, but the police will arrest the person who took my implements of destruction, assuming they locate them.
Additionally, if I started a business that looked for open garages, and then let people know about it, I would assume that the authorities would quickly stop me.
What these guys are doing is clearly wrong. Taking advantage of someone else's property without explicit permission is wrong whether you gain access through an open door or open share.
I have.
........."
It's often not simple to find out what email address belongs to specific IPs, though.
I've actually used an open print-share to print a message like "You're sharing your printer to the world. This can be fixed by right-clicking on your printer and selecting 'sharing', then assigning a password. If you need help, please feel free to email me at
But then they just get scared and think I'm some cracker. People don't listen until someone gets hurt.
I'm not trying to be elitist about this, but look, for example at the DDoS stuff a year or so ago. Nobody cared that it was possible, until it hurt a bunch of dotcoms, then there were all kinds of outcries, and now the problem has died, and nobody cares now. Even though DDoS is still very possible.
"A person is smart. People are dumb, panicky, dangerous animals, and you know it."
-Kay, Men In Black, 1997
I tend to agree fully. (-:
Explain to me this concept of a default share, for I have not seen it.
At least in 98, it works like this: Windows does not enable file sharing by default. Nor do any major computer manufacturers enable it by default, as far as I know.
The problem comes when people start hooking their Windows computers up to their own LANs. If you want to share files/printers between the upstairs and downstairs machines, you enable File Sharing support. You get a window asking you to create a share name for your share, and if you want to set a password. The default share name is "C" or "C-drive", something like that. And while there is a password-protect option, it's not required to create the share.
Also of note: the share is automatically enabled for every network protocol you currently have installed on your system. So if you only intend to share your files via IPX locally, if you have TCP/IP, or worse, NetBEUI, installed, it gets shared over those as well. You have to manually go in and un-bind the other protocols from Microsoft Networking.
This obviously isn't much of a problem until you start throwing DSL and cable lines into the mix, but there's where it becomes a big problem. Chances are most Windows users barely have a clue what a protocol or drive-share even is, let alone why they shouldn't be sharing it without a password over their cable modem.
Personally, I don't really buy this whole "they left it open, they deserve what they get" mentality. Come on people, we can't all be l33t h4x0rs. "You deserve what you get" doesn't fly when talking about cell-phone radiation, or getting mugged while walking to your car after dark. What's needed is a little education, not exploitation.
With file sharing you have specifically left the door open, and hung out a come on in sign.
Unless you have an access control system for the door, you cannot leave it unlocked for specific people, so you have to leave it unlocked for everyone.
With file sharing, you can specify a password, and different users, and thus can allow in only the people you *want* to come in. Specifying "full access" means just that. If you're too lazy to lock it down properly, so be it.
-This sig intentionally left blank
In the house, if there is a VCR and I take it, then the original owner has lost all use of it. What if I came in and *cloned* the VCR, so the original owner still had his fully functional unit, but now I had one just like it?
If you need to temporarily unlock your backdoor, specify a password, even if it's insanely simple.
-This sig intentionally left blank
I've got enough netbus/subseven hits on my f-wall as it is; If it starts logging ShareSniffer hits on top of that, well the emails to abuse@whateverisp.com will start flying again ...
---
Most dialup spammers die pretty quickly, even with an estimated one-in-10000 abuse reporting rate.
If sharesniffing becomes widespread, I'd expect to see people running "honeypot" share-simulating clients and/or automated "log all probes and report to abuse after 10 probes from any single netblock within a 7-day period" tools.
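The automated tool imagined in the comment above ("report to abuse after 10 probes from any single netblock within a 7-day period"), sketched as an added example that is not part of the original thread. The firewall log format, the choice of /24 (IPv4) and /64 (IPv6) as a "netblock", and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

SMB_PORTS = {139, 445}         # NetBIOS session service and direct-hosted SMB
WINDOW = timedelta(days=7)     # "within a 7-day period"
THRESHOLD = 10                 # "after 10 probes"
V4_PREFIX, V6_PREFIX = 24, 64  # assumption: what counts as one "netblock"


def parse_line(line):
    """Parse '<ISO timestamp> DROP <src_ip> <dst_port>' (assumed log format)."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "DROP":
        return None
    try:
        return (datetime.fromisoformat(parts[0]),
                ipaddress.ip_address(parts[2]),
                int(parts[3]))
    except ValueError:
        return None  # malformed timestamp, address or port


def netblock_of(ip):
    """Map a source address to the enclosing netblock."""
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_reportable(lines, threshold=THRESHOLD, window=WINDOW):
    """Return netblocks with >= threshold share probes inside one sliding window.

    Each netblock is reported once, with the evidence that first crossed
    the threshold, so an abuse desk gets one report instead of a flood.
    """
    events = [e for e in map(parse_line, lines) if e and e[2] in SMB_PORTS]
    events.sort(key=lambda e: e[0])      # logs from several sources may interleave
    recent = defaultdict(deque)          # netblock -> probes still inside the window
    reports = {}
    for ts, ip, _port in events:
        block = str(netblock_of(ip))
        q = recent[block]
        q.append((ts, ip))
        while q[0][0] < ts - window:     # expire probes older than the window
            q.popleft()
        if len(q) >= threshold and block not in reports:
            reports[block] = {
                "count": len(q),
                "first_seen": q[0][0],
                "last_seen": ts,
                "sources": sorted({str(src) for _, src in q}),
            }
    return reports


def summarize(reports):
    """One evidence line per netblock, suitable for pasting into an abuse report."""
    return [
        f"{block}: {r['count']} share probes from {len(r['sources'])} host(s), "
        f"{r['first_seen'].isoformat()} to {r['last_seen'].isoformat()}"
        for block, r in reports.items()
    ]


# Constructed sample log (documentation address ranges, not real traffic):
SAMPLE_LOG = (
    # 10 probes in 5 days from one /24, rotating source hosts: should be reported
    [f"2001-03-{d:02d}T0{h}:15:00 DROP 203.0.113.{d * 10 + h} 139"
     for d in range(1, 6) for h in (2, 4)]
    # 12 probes, but one every other day: never 10 inside any 7-day window
    + [f"2001-03-{d:02d}T03:00:00 DROP 198.51.100.7 445" for d in range(1, 25, 2)]
    # noisy, but not aimed at file-sharing ports: ignored
    + [f"2001-03-02T05:{m:02d}:00 DROP 192.0.2.9 80" for m in range(15)]
    + ["truncated or garbage line"]
)

if __name__ == "__main__":
    for line in summarize(find_reportable(SAMPLE_LOG)):
        print(line)
```

Counting per netblock rather than per address is what catches the first case: no single host there probes more than once.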
Actually, this is a very poor analogy. If you like bikes, here is a better one.
In Amsterdam, they had a system of white bicycles. They weren't owned by anybody. The idea was that if you needed to go somewhere, you would just hop on the nearest white bike, ride it to your destination, and leave it for the next person. Your analogy should be:
Suppose you had a bike, painted it white, and left it outside in a bike rack unlocked with a bunch of other white bikes. Could you then bitch when someone "steals" your white bike? That's what people are doing when they say you can't access open shares. Open shares are not like "[leaving] his bike out on the driveway unlocked". It is actually marking the bike in such a way that anybody who comes along and looks at it (via scanning) will see that the bike is marked as being free to use. By your analogy, every access to a publicly available web or FTP server is like stealing some poor kid's bike off of their driveway.
"A better analogy would be if I had a sign on my door"
Well, there is no way to put a "sign on your door". Either your shares are world-readable, or they are not readable at all (at least if you are using default windows sharing, and are not part of an NT domain, etc. Most home users aren't of course). It *is* more like just leaving your door open. Maybe you don't care who comes in, or maybe you just intend to leave it open for a certain person...but in most cases I'd expect someone to be hesitant to just waltz in. This has *nothing* to do with theft. You can read my diary and it is not theft - that doesn't mean I wanted you to read it!
So:
1) Windows has crappy file sharing mechanism
2) ShareSniffer is at best an unscrupulous company jumping on the P2P hype bandwagon. You can *already* do what ShareSniffer claims (P2P) by using public WINS servers.
It's 10 PM. Do you know if you're un-American?
I Want To Start A P2V Company. Will some VC throw lots of money at me? Oh d#!@ it, I'm a year and a half too late.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
And if Sally didn't want everyone to come into her yard and store stuff there, she shouldn't have left access open to anyone. She should have put an unbreakable fence and guard dogs. But it doesn't work that way. In the "real world", access is something that is given, and it is assumed that if you have not been given access that you should have none. Why should we make special rules for the digital world? Unless you are given access, you have no right to be there.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
If people want to share their MP3s via SMB, why don't they call their share "SHARE_SNIFFER" or something similar, so that people KNOW that they have been given implicit permission to access that share.
At my uni, there's part of the computing rules that say we're not allowed to access a computer system unless we've been given explicit or implicit permission. Explicit permission being something like having an account on that computer, eg. my account on slashdot:
Implicit permission is things like anon ftp, or computers in libraries, etc:
By naming your share "SHARE_SNIFFER" or whatever, people can take that as implicit authorisation. I don't think you can take the existence of an open SMB share as implicit authorisation because, as people have mentioned, it can be done without the sharer realising what they are doing.
This would be the equivalent of putting your bicycle out in front of your house with a sign saying "Free to a good home" or "feel free to take a spin on this".
-BB
My question, though, and one I will be actively investigating: how does this affect Windows 2000 machines. I know there are "administration" shares set up (default hidden shares like C$), but I believe... don't quote me on this... that you need a password to view them. Just the same, I'm going to have to read this Ars Technica article in depth on how to secure my Windows 2000 box fully (I've followed most of the instructions, but I never removed the shares). I suggest any of you with Windows 2000 to do the same as well.
And I still have to secure my RedHat side of the box. *sigh*
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
Nothing wrong with drinking a beer, but I'd be pissed off if he took my stereo or raped my wife. Not to equate mp3 file copying with rape or theft, but it is wrong to load someone's hard disk with crap without their consent when that crap might bring cease and desist letters down on their heads.
Think! You know where you belong, and you know what you own. Walking into a stranger's house is a very ballsy thing to do. Here in Louisiana you can be legally shot doing that. Sneaking Britney Spears onto someone else's hard disk is not nice. An open door is not an excuse for abuse.
Friends don't help friends install M$ junk.
After all, in order for someone to make a legal complaint they'd have to stand up in court and say "Yes, I'm an idiot. After I installed windows, I turned on access to my hard drives. No sir, I turned it on because I didn't want anybody to use it."
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
The whole situation is akin to webservers and search engines. Webservers serve content, and search engines allow you to find the content. Once you have the link however, it is the webserver software that allows you to access the content, not the search engine. One might say that the difference is that the majority of websites are put up specifically so that other people can download, while sharing is not for internet-wide public sharing. This is true, but not relevant--google catalogues all sorts of webservers/pages that their owners don't want other people to find. (for an example check out their "secret server" faq). In this case, the Sharesniffer software is not involved at all in the file transfer, which is a very different situation from Napster.
Anyway, the reason this might be the turning point for p2p is because for years, millions of mp3s and other files have been illegally copied on college networks, with the full knowledge of the RIAA/MPAA. Windows Networking (and whatever small percentage of Linux Samba that exists on campuses) has been facilitating file transfers and literally nothing has been done about it. If anybody wants to challenge Sharesniffer, they're going to have to tackle windows networking, and Microsoft is not necessarily going to just give in to RIAA/MPAA. Windows networking is too valuable of an asset to the OS to simply give it up. And this may be the first time that Microsoft's lawyers and money may benefit the little people -- they may be the only company who can successfully stand up to the RIAA/MPAA.
While I may agree that using a Windows share is wrong if you don't have some sort of consent from the share owner (either implied or explicit) I don't think we need faulty analogies to unsecured outbuildings to debate.
On the other hand, I'm a little tired of Mr. and Mrs. Average American expecting their PCs to be as easy to use as a lamp or a handgun. Today's home PC is more powerful than a mainframe was just 30 years ago. Apple sells a "supercomputer" in a seven inch plastic box!
As such, people should consider getting a little training in computing, and security would be a part of any such training. Having Windows at work is no substitute for real computer training, since at home there won't be any rigid information security policies or professional admins to back up hapless users who go turning on every potential security hole because it sounds neat.
Most of the people I run into with computer questions don't even seem to know how to press F1 for help. They have no intrinsic understanding of why there is a problem, because other than the pretty windows on the screen they have little idea what is actually happening inside their machine. There's an awful lot of computer in the average home these days, run by completely clueless people. If their open share gets used as it was designed to be used, let's just call it part of the learning process. This doesn't do anything the protocol wasn't designed to do-- share files from a specified directory.
I do not have a signature
There is much risk in this for the person taking the data. Most states have enacted felony statutes which precisely cater to this issue -- the taking of data from a computer system without being granted express permission to do so. While it may well be arguable that leaving a door open makes entry and taking of possessions a consented non-trespass, that isn't the law in any state of the Union. Whether or not the same rules would apply to the computer trespass statutes is something you would test at your own risk of life, limb and liberty.
Further, the scheme as described is useless as a substitute for Napster -- there would be no centralized index facilitating that distribution. Napster wasn't liable for the copying that took place -- it was liable for its contribution in facilitating the same as a result of uploading and maintaining dynamic index information (Contributory Infringement).
first off, i am a college student. my best friend lives in a dorm different from me, but we manage. one day i showed him how to poke around the local windows network and get into people's mp3s/pr0n/movies. he thought this was insanely cool.
one day, he left me a message saying that he had gotten into some girl's share, and she had her whole hard drive shared up. rather than fuck her over by nuking a few choice files, he found her AOL IM id in /windows/aim95/usernamexxx. he added her to his list, and told her that her whole computer was shared and anyone had access to it, but he didn't know how to get rid of the sharing.
he called me over to her place, she and i finally met, and i showed her how to disable sharing.
yeah... that was how i met my girlfriend...
"The person who has, through no knowledge of his own, left file sharing 'on' with no protection, that is the electronic equivalent of leaving your door unlocked," says Rasch. "You can't with any degree of certainty say it is an invitation to enter... Therefore when you enter through an open file share, that's likely an unauthorized access."
So does the same reasoning apply to read-only passwordless access? When I pull up a random web page, it's rarely because I've received a written invitation from their webmaster to do so; it's because there is no password restricting my access to the page!
If you break into a locked house, it's breaking and entering.
If you enter an unlocked house, without permission, it's entering. Still a crime. The fact that you left the door open is not "permission," not even implicitly. The fact that someone left his computer in its default configuration is sure as hell not permission. Someone specifically enabling sharing for their home-based network is a bit more debatable, but I still doubt it would take any reasonable person more than a few seconds to decide that it's not permission for everyone to enter.
If you take stuff without permission it's theft, even if the person didn't know he/she possessed the item. It's theft even if all you do is copy the papers on the desk.
Even leaving something in the house is a crime. Littering, if nothing else.
Finally, even if all they do is tell their friends where to find open doors, if they do that in the expectation that their friends will commit crimes (entering, theft, etc.), then they're still party to a conspiracy.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
You can't get up and say that this tool does not break into people's system, the users do.
That's not the point.
On computer networks (in the absence of a STANDARDIZED publication of a declaration of a well-known exception) the permission system settings are normally considered the expression of the INTENT of the person who set them.
The only well-recognized exceptions I can think of at the moment are:
- Copyright notices on published text.
- Certain prohibitions (by custom and/or statute) on use of administrator privileges to snoop.
- The mechanism for restricting search engines from indexing certain pages (such as dynamic or proprietary site content).
Changing the permissions on a portion of their files so that the world can read and write them could be an expression of intent that they do so, or could be an error. This difference in intent is indistinguishable externally. So if another user takes advantage of the explicit permission change to do exactly what it allows, one must assume he is acting with the permission of the resource's owner unless he has been explicitly informed otherwise.
Further, when you're dealing with laws that ban an activity, any ambiguity in the law must (according to US jurisprudence) be resolved in favor of the person accused of wrongdoing and the lesser restriction.
This is true even if the BULK of the sites with open permissions in fact are, and can be expected to be, the result of user error. (I won't go into the reasons in more depth here.)
Given that using an open file system is legal by the above arguments, a tool to find such legal-to-use resources can not itself be a violation of law.
A related issue: There's been a lot of legislation lately directed at people who break into systems to misuse them, and this has resulted in prosecutions of people, especially juveniles (or chronological adults with arrested development B-) ) who were just exploring. But I have yet to see the doctrine of "attractive nuisance" applied to computer systems set up with inadequate attention to security.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
or, Practical Darwinism... take your pick. :)
Seriously, I view this program as a net Good Thing (I'm not going to comment on the business model). This will bring unsecured file shares to more prominent attention, at the expense of some Clueless Users, and hopefully will finally result in this crap getting cleaned up.
Just the other week, some putz on tribalwar blamed "those damn hackers" when somebody plunked a virus/script into his open read/write C share, resulting in a "ALL YOUR COMPUTER ARE BELONG TO US". Sorry, bud, you done screwed up first.
Regarding @home users - in my area (Vancouver, BC), they blocked that port YEARS ago. Pissed me off, too - I was foolishly using it for home to work transfers. I take from the comments this isn't standard among all the various regional @homes?
Ceci n'est pas un post
...yes, I met your daughter while I was looking for digital porn movies.
------------------
------------------
You may like my a cappella music
You can't get up and say that this tool does not break into people's system, the users do. There seems to be a trend (As in Napster) where a tool is written to do something and they deny that the tool is doing it.
It just does not wash. And boy am I glad I'm running Linux.
Erlang Developer and podcaster
Correct, Windows 2000 (like NT) has default hidden shares named for the drive, e.g. C$ (where the $ indicates hidden: it won't show up in Explorer as shared). Admin$ is equivalent to the C:\WINNT folder (which may be different, for example, it may be on the D drive, or a reinstallation could have named it C:\WINNT2).
First, these MAY be removed. If you have no need of file sharing (e.g. a standalone PC) this would be recommended above any other security measure. Log in as administrator, right click on the drive, and change the sharing.
Second, the administrative shares are by default set to Full Control for administrators on the domain that was used to authenticate your machine to the network. This is their purpose: to allow human administrators and administrative processes to run unimpeded. You may retain the administrative share but reduce the access to read-only, again by logging as administrator of the local machine.
If you are not authenticated on the domain, but are simply connected, someone trying to access this share will need to know the administrator password on the local machine (and they themselves will usually need to be logged out of the domain, to avoid a rights conflict, though there are tricks to get around that).
It is possible to lock out Domain Administrators yet still permit local machine administrators, by removing the one group from the other, but in most cases this will one day cause your administrator to pull his hair out.
To reiterate: yes, Win2K has shares by default, but they are only open to authenticated administrators.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
Windows file sharing is so fucking stupid -- why on earth would they set it up so the default share is "all users: full access"???
This is not true. The default share setting is read only.
Any reasonable person must infer that Microsoft WANTS people to give their hard drives to the internet at large.
It's more a Very Bad side-effect of oversimplifying security and making it friendly. What happens is that file-sharing is set when you install a network card. For most people this is already installed and ready to go. During Windows installation, the user is asked, "Do you want to give others access to your files?" which is straightforward enough. The problem is that this is a separate activity from setting up internet access, and there is no step during internet access that warns you, "You have given others access to your files, do you really mean that?"
Also, it would be better if the NETBEUI protocol used to access these shares were not bound to the dial-up adapter (i.e. modem). Unfortunately, all protocols are bound to all devices by default.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
before it got its Napster-like interface.
Scour, we miss ye...
Ok, I'll run SAMBA just so I can (a) sign up, (b) share some folders, and....
(c) have a chance at some of those hot female lawyers!
Where can I sign up?
I've heard of the odd cases where an intruder has sued a property owner for negligence, but I've never heard of a thief being let off because he didn't have to forcefully break in. Point is you can't/shouldn't take advantage of someone else's property without proper authorization.
Most open windows shares are not meant to be open to the world, they're mistakes, you can't reasonably assume that your neighbor wants you to access his hard-drive simply because you can see it. Because someone doesn't understand how these shares work or how to secure them doesn't give anyone the right to take advantage of them.
Oh great. I read this report and thought "this can't be for real". But apparently it is. I never thought I'd see the day when such outright "cracking" activities are treated as a business model :-).
I sincerely hope this program falls flat on its face, and these guys go out of business. If they presented their tool as a "security hardening" device to probe your own network, I could buy it. But they aren't even putting up that much of a facade (how stupid are they?).
Clearly, this is not a good thing or a moral thing to do -- I can defend Bob and Joe trading MP3s, but if they do it via Sally's open share (and grab some of her files too), that's a totally different thing. The problem is, the corps are going to point to this and say: "See? These geeks are just a bunch of thieves and pirates!".
In this case, it seems fairly clear-cut that they are right
It's a strange world -- let's keep it that way
you wouldn't believe the number of @home users who have a share called "C" which is read/write access to their whole hard drive, not just the mp3s, shared over SMB, publicly.
Or maybe you would..
Is this a default when you run the @home install CD or something?
No. Copying is (or rather, may be) an infringement of copyright. Theft is theft. They may both be crimes, but they are distinct actions.
Mike Godwin of the EFF writes about this here:
The purpose of copyright is to promote progress in the arts and sciences, not to allow artists to profit. (Which they don't anyway...the profits accrue to the parasitic recording labels.) In the presence of easy copying, copying restrictions no longer serve to promote such progress.
Tom Swiss | the infamous tms | http://www.infamous.net/
You cannot wash away blood with blood
The analogy with anonymous ftp is flawed - there is an established precedent that anon ftp servers are for public use, and thus it is reasonable to assume you are welcome to use them; there is no such precedent for SMB default shares.
I've got to find the addresses of the people who made this software, and see if they ever leave their doors unlocked. Because if they do, of course, then I assume I have free access to borrow their Home Entertainment System, and grab a Free-As-In-Beer on the way out.
Next thing you know, they'll be selling software that looks for Smoking Joes (users with the username and password the same), under the logic that if someone is so completely insecure then they obviously meant for their account to be public access.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
I don't think this would hold up in court. Leaving your door unlocked requires NO action on the users part, thus it can be done accidentally or absent-mindedly. However, by default there are no public shares when you install Windoze. The user has to specifically share a drive, device, or folder. They cannot claim "whoops, I didn't know it was shared" because the only way for it to get shared is to perform the proper action(s).
If I come along and discover a public share, I can only assume that the person *meant* to share it. I would not ask them for permission to use it, or browse the files, because they have *already* granted that privilege to me and the world.
The lawyers seem to always try to re-word everything so that things are selectively illegal or wrong. Personally, I'm getting tired of the bullshit with the lawyers in America, but that is another topic.
What remains to be seen is: who is liable for the (alleged) illegal material on one of the public shares? Is the user reasonably expected to make sure the material is legal?
-This sig intentionally left blank
Point still stands - I was responding to
"Why can't copyright owners dictate what you do with stuff you buy after you've bought it."
This would allow the restriction [even if it hasn't been done yet] and many others more restrictive that we haven't yet thought of.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
Remember - in many states, spamming is "legal" - but accounts still get whacked because an AUP that says "we nuke spammers" is every bit as legal.
Same thing applies here: Sniffing for shares may be legal (though morally questionable). Using the shares may even be legal (though even more morally questionable). But reporting sniffers to abuse@sniffer's-ISP is also legal, and it's just as legal for that ISP to LART the offender for TOS violation when a sufficient number of abuse reports pile up.
So I read through each EULA, going over the various Terms and Agreements. That way, if I see something I don't agree with, I can always not accept. Conversely, this way I know my responsibilities as an end user.
Think of each HD that gets fuX0red as User Darwinism.
--M.
With 40+ gig hard drives on the market, it has become more and more difficult to fill it all up with useless crap you download from the net. Thankfully the great community of the net has found a new way to solve this problem, now anyone can fill your drive with useless crap so you can live your life in peace without ever having to spend night after night downloading useless crap from the net because you know that someone will do it for you. Just remember to delete everything and defragment once in a while to leave space for new useless crap.
Je t'aime Stéphanie
Dear Microsoft,
... ;-)
.vortex
Please cease and desist the use of netbios immediately, because it is used to transfer copyrighted material some of which are owned by our members.
Yours mercilessly,
RIAA
Could this spell the end of one of the most ugly MS TCP/IP protocol hacks?
I guess not. But the thought made me smile
--
Time flies like an arrow -- Fruit flies like a banana
When locking down a M$ workstation or server, one of the first things you have to do if you want it to be as completely secure as you can get it is to forget about 'file-sharing'.
It's a shame, because there are really good ways to do file-sharing besides sftp that are secure. Unfortunately, Microsoft doesn't believe in security. In the default installations, which everyone else is going to want to connect to your shares with, every protocol is bound to every adapter, etc. It takes a skilled hand to break the unnecessary bindings or use a Non-MS Filesharing service. Because Microsoft refuses to make a *sane* default Network configuration for Joe-Bestbuy, those of us who care about security will never be able to run shares across TCP-IP.
... but it is possible that you may have a fool for a client.
I leave you to rely upon your own legal advices, and at your own peril. The same argument can be made, and has been made, about open doors and keys and real property or automobiles; and about property that has been left alone for a brief time at airports. I can assure you that the law governing trespass, theft and implied consent in non-computer arenas is generally quite unkind to defendants -- and there are many an incarcerated felon who continues to grumble with remarks not substantially different from those you have made here.
This much is certain, you are not correct merely because you say so, and certainly not because you ended your posting with the term "duh!" Likewise, I may well be wrong in some cases, and perhaps not in others.
The trick is not to be the defendant in one of the others. Educate yourself, and be certain before you are sorry.
An undeniable, strong and powerful distinction can be made between an anonymous ftp account or a webserver on one hand, and a passworded system having known security bugs or easily guessable passwords on the other. Many skr1p7 k1dd135 feel that the latter are likewise invitations to plunder, but would be (and have been) laughed out of court on a defense based on that theory. Still others think that finding the "magic url" to breach into an intranet is legit, simply on the theory that it was permitted to be done -- this is a dangerous assumption.
The failure to password a portion of a system may or may not be an implied consent to plunder -- my suggestion is not to be wrong in assuming that it is. Be damned sure you are invited before you start taking data.
In particular cases, you might well not have committed a felony. Good for you. But in others, you may well have done something for which your life and liberty will later be in jeopardy.
Look, it's entirely up to you to decide how you want to manage things -- but by all means have your a** well-covered when you do. It's a bad, bad idea to be your own lawyer, particularly when being wrong may cost you your life as you know it.
I would say that "All your shares are belong to us", but we knew that already.
But on the Internet, how can you tell the difference between a private area (someone's house) and a public area (the town commons, McDonalds, etc)? It all looks identical.
There are plenty of places where you really do have the owner's permission to read/write, and they are indistinguishable from Joe Schmoe's "accidental" ftp site or Samba share. This is what leads to the attitude that, if someone is sharing a resource, they mean for it to be shared.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Dammit, I just realized that I don't have even a shred of proof that Slashdot (or any other web server) has ever granted me express permission to access their server. And by replying to your post, I am even writing to their server. It looks like I'm a sitting duck for a felony charge at any time.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
In the US, they might also have a case. Storing information on your computer, without your knowledge, has become pretty much the norm, with "stealth cookies", assorted "copy protection" schemes, etc. It would be very difficult to contend in court that one kind of unauthorized use of file space was more "acceptable" than another.
Worse, from any corporate standpoint, if it were to be declared illegal to use these kinds of schemes, virtually all proprietary software on the market would be illegal, as virtually all proprietary software tampers with your hard drive in ways that you do not explicitly authorize.
From the standpoint of "ethics", the trading of any kind of commercial product (be it a sound file or a computer package) is definitely in the "Not OK" pile. But the law doesn't work by ethics, it works by bloody-mindedness and party politics.
IMHO, we're going to see persecution of Napster, but a strange silence over PtV. Companies have too much invested in it themselves to risk it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
If you don't already know about it, go to the Gibson Research Center. He has a program, Shields Up!, that tells you if your NetBIOS (and other) ports are vulnerable. He also includes detailed steps on how to configure Windows to make the NetBIOS ports inaccessible from the internet. Even if you don't have shares, the NetBIOS ports will give out information about the configuration of your computer.
Check out Chad's News
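A local counterpart to the check described in the comment above, as an added example that is not part of the original thread: it reads `netstat -an` output from your own machine and lists NetBIOS sockets (ports 137-139) bound to anything other than loopback. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# NetBIOS over TCP/IP ports: 137 (name), 138 (datagram), 139 (session).
NETBIOS_PORTS = {137, 138, 139}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.25:1034      198.51.100.7:80        ESTABLISHED
  UDP    203.0.113.25:137       *:*
  UDP    203.0.113.25:138       *:*
  UDP    192.168.0.10:137       *:*
"""

def bind_scope(host):
    """Classify a local bind address; None means loopback or unparsable."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None
    if ip.is_loopback:
        return None
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "routable"

def exposed_netbios(netstat_text):
    """Return (proto, address, port, scope) for each non-loopback NetBIOS socket."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # only listeners accept inbound connections
        host, _, port = fields[1].rpartition(":")
        scope = bind_scope(host)
        if port.isdigit() and int(port) in NETBIOS_PORTS and scope:
            findings.append((fields[0], host, int(port), scope))
    return findings

if __name__ == "__main__":
    for proto, host, port, scope in exposed_netbios(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} bound to {scope} address")
```

A "routable" or "all-interfaces" result means the NetBIOS service is offered on the Internet-facing adapter, which is the binding the comment's configuration steps are meant to remove.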
This is probably a feature so that they can give you technical support.
"We ga-run-tee you will have 100% satisfaction with our tech support. Hell, we'll even file your quicken tax forms for you and finish your doctoral thesis while we're at it!"
-pos
The truth is more important than the facts.
-Frank Lloyd Wright
Windows file sharing is so fucking stupid -- why on earth would they set it up so the default share is "all users: full access"??? Any reasonable person must infer that Microsoft WANTS people to give their hard drives to the internet at large.
Of course, there are plenty of other idiots in town -- how many remote holes are there in the default RedHat install? And that's without even having to click a button that says "enable file sharing".
ShareSniffer should be viewed as a wake-up call to OS vendors in general. The default settings should not Not NOT open your computer to remote takeovers!!!
This is almost exactly the same concept as the old anonymous FTP upload scanners. They both poll random IP addresses for poorly-configured servers that allow open access.
This program searches for Windows shares without a password, and an anonymous FTP upload scanner searches for world-writable upload directories on FTP servers that are also readable. Both have the same effect: allowing the server to be used by unauthorized third parties for anonymous file storage and retrieval.
This was very popular back in the early to mid 1990's, when anonymous FTP was the main way of transferring files on the Internet and security standards were low. Warez sites were just getting started, and most pirates didn't have the resources to put their own servers online full-time, so typically someone else's FTP site would be taken over to do the job.
I'm sure many sysadmins remember the surprise of seeing their disk space suddenly fill up over a weekend, all hidden under the ... (three dots) directory...
Super eurobeat from Avex and Konami unite in your DANCE!
Dr. Demento On The 'Net!
Why not just use a firewall to isolate your network from the big bad Internet? Think of all the extra memory and processing power wasted by running two transport protocols on each of your workstations. And think about when your internal network grows large enough to -need- a routable transport protocol internally as well as externally. Hardly an optimal solution, IMHO. Linux makes a cheap and easy firewall using the numerous floppy based router distros, or you could use OpenBSD for a really secure firewall, also at low cost.
OK, on the one hand, we have unwitting users sharing their HDD's inadvertently to the internet. On the other hand, as the article says, they had to click to share that folder; it was a conscious decision on their part to share it.
On the plus side, there is no big single entity to sue here like with Napster, only individuals. And those individuals can always say "Ooops, I didn't realise _everyone_ could see my files!", so the suing company will burn wedges of cash tracking people down just to see them roll over. Again, the legal vultures are circling...
Great idea using Usenet, though. And everyone thought that Usenet was dead!
Strong data typing is for those with weak minds.
IT Manager: Well, I'm afraid we're taking your workstation away. Security will be by in a few minutes to escort you out of the building.
Developer: What? Why? I didn't do anything to get fired over!
IT Manager: We found all sorts of obscene materials on your harddrive in shared folders.
Developer: Huh?
IT Manager: Like German schisse porn and crushing videos.
Developer: That's ridiculous-- Oh my god! What are they doing to that poor German Shepherd? Wait a second, I didn't put this on here! I swear!
IT Manager: It's your own fault. You didn't *have* to share those drives.
Developer: Yes I did! My manager told me to!
IT Manager: We're firing him, too. Seems he has goat.cx pictures all over *his* hard drive.
No. A better analogy would be if I had a sign on my door, meant for a visiting friend, which said "Come on in and have a beer". If a stranger sees it and comes in and helps himself to a cold one, has he done anything morally or legally wrong?
Opening your shares is inviting other people in. If you fail to specify who you're inviting, that's your fault.
Copying is not theft. HTH. HAND.
Tom Swiss | the infamous tms | http://www.infamous.net/
You cannot wash away blood with blood
"I really wish someone would explain to me why artists and distribution companies shouldn't be allowed to control how their property is used."
It's something to do with fair use rights. For example, if you buy a book you should be allowed to read it. However, if your book came with a EULA inside the package that said reading it was forbidden the person who bought it has been ripped off. This applies to electronic books you are not allowed to read aloud [famous case - Alice in Wonderland from Adobe's E-books site].
Oh, if copying is theft, then if I come to your house and note down what possessions you have in the lounge, the decor and go home and produce an identical lounge without asking you - did I steal the lounge from you?
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
Here's the ad, by the way, pretty funny if you ask me.
Free music from Jack Merlot.
I'm not denying the part about the idiot paddle, but the definition was from my college dictionary, Webster's New World Dictionary of American English, Third College Edition, 1988.
Scroll down on the linked definition and you'll see similar definitions:
1. A company; an assembly or collection of persons, especially of ladies.
bevy n 1: a group of girls or young women
Jamie McCarthy
jamie.mccarthy.vg
The misdeed here (may or may not be a crime, depending) is fraud, not copying. It would be just as wrong to represent a work placed in the public domain (by expiration of copyright, or by deliberate act) as your own as to represent a copyrighted work as your own.
The idea of an exclusive right to copy is no longer worthwhile. However, the ideas of a right to be recognized as an author or creator and a right to receive royalties from for-profit use (like songwriter royalties today) would still be of benefit.
Tom Swiss | the infamous tms | http://www.infamous.net/
You cannot wash away blood with blood