Peer-To-Victim File Sharing
ShareSniffer is profiled in a SecurityFocus article today. The company has come up with a new and guiltless way to trade MP3s: just use someone else's hard drive. They have a "bevy of lawyers" (bevy, n., a group, esp. of girls or women) who say taking advantage of public Windows shares is perfectly legal. And why not? Clicking "I Agree" without reading a license agreement is legally binding, right? So when you click "Share This Folder," whether you understand its implications or not, you've authorized the world to play with your drive, and have no right to complain.
</devilsadvocate>
I have.
It's often not simple to find out what email address belongs to specific IPs, though.
I've actually used an open print-share to print a message like "You're sharing your printer to the world. This can be fixed by right-clicking on your printer and selecting 'sharing', then assigning a password. If you need help, please feel free to email me at
But then they just get scared and think I'm some cracker. People don't listen until someone gets hurt.
I'm not trying to be elitist about this, but look, for example at the DDoS stuff a year or so ago. Nobody cared that it was possible, until it hurt a bunch of dotcoms, then there were all kinds of outcries, and now the problem has died, and nobody cares now. Even though DDoS is still very possible.
"A person is smart. People are dumb, panicky, dangerous animals, and you know it."
-Kay, Men In Black, 1997
I tend to agree fully. (-:
With file sharing you have specifically left the door open, and hung out a come on in sign.
Unless you have an access control system for the door, you cannot leave it unlocked for specific people, so you have to leave it unlocked for everyone.
With file sharing, you can specify a password, and different users, and thus can allow in only the people you *want* to come in. Specifying "full access" means just that. If you're too lazy to lock it down properly, so be it.
-This sig intentionally left blank
Actually, this is a very poor analogy. If you like bikes, here is a better one.
In Amsterdam, they had a system of white bicycles. They weren't owned by anybody. The idea was that if you needed to go somewhere, you would just hop on the nearest white bike, ride it to your destination, and leave it for the next person. Your analogy should be:
Suppose you had a bike, painted it white, and left it outside in a bike rack unlocked with a bunch of other white bikes. Could you then bitch when someone "steals" your white bike? That's what people are doing when they say you can't access open shares. Open shares are not like "[leaving] his bike out on the driveway unlocked". It is actually marking the bike in such a way that anybody who comes along and looks at it (via scanning) will see that the bike is marked as being free to use. By your analogy, every access to a publicly available web or FTP server is like stealing some poor kid's bike off of their driveway.
My question, though, and one I will be actively investigating: how does this affect Windows 2000 machines? I know there are "administration" shares set up (default hidden shares like C$), but I believe... don't quote me on this... that you need a password to view them. Just the same, I'm going to have to read this Ars Technica article in depth on how to secure my Windows 2000 box fully (I've followed most of the instructions, but I never removed the shares). I suggest any of you with Windows 2000 do the same as well.
And I still have to secure my RedHat side of the box. *sigh*
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
You can't get up and say that this tool does not break into people's system, the users do. There seems to be a trend (As in Napster) where a tool is written to do something and they deny that the tool is doing it.
It just does not wash. And boy am I glad I'm running Linux.
Erlang Developer and podcaster
Correct, Windows 2000 (like NT) has default hidden shares named for the drive, e.g. C$ (where the $ indicates hidden: it won't show up in Explorer as shared). ADMIN$ is equivalent to the C:\WINNT folder (which may be different; for example, it may be on the D drive, or a reinstallation could have named it C:\WINNT2).
First, these MAY be removed. If you have no need of file sharing (e.g. a standalone PC) this would be recommended above any other security measure. Log in as administrator, right-click on the drive, and change the sharing.
Second, the administrative shares are by default set to Full Control for administrators on the domain that was used to authenticate your machine to the network. This is their purpose: to allow human administrators and administrative processes to run unimpeded. You may retain the administrative share but reduce the access to read-only, again by logging in as administrator of the local machine.
If you are not authenticated on the domain, but are simply connected, someone trying to access this share will need to know the administrator password on the local machine (and they themselves will usually need to be logged out of the domain, to avoid a rights conflict, though there are tricks to get around that).
It is possible to lock out Domain Administrators yet still permit local machine administrators, by removing the one group from the other, but in most cases this will one day cause your administrator to pull his hair out.
To reiterate: yes, Win2K has shares by default, but they are only open to authenticated administrators.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
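The post above describes checking who can reach each share (and the earlier one about sharing with a password and named users makes the same point). Here is an added example, not from any poster in this thread, that does that audit and the fix in PowerShell. It assumes a modern Windows (8 / Server 2012 or later, where the SmbShare cmdlets exist; Windows 2000 has none of them), an elevated shell, and placeholder names (the share 'C' from the @home comment and an account 'MYPC\alice') that you would replace with your own.

```powershell
# Added example (not from the thread): audit SMB shares on a modern Windows box
# and flag the "full access for Everyone" case the thread describes.
# Assumes Windows 8 / Server 2012 or later (SmbShare module) and an elevated shell.

# Principals that mean "anyone who can reach port 445". Anything granted to these
# on a non-administrative share is the ShareSniffer case.
$riskyPrincipals = @('Everyone', 'ANONYMOUS LOGON', 'Authenticated Users', 'Guests')

function Get-ShareRisk {
    $report = foreach ($share in Get-SmbShare) {
        # $share.Special is $true for the OS-created shares (C$, ADMIN$, IPC$);
        # the others exist only because someone clicked "Share This Folder".
        $acl = Get-SmbShareAccess -Name $share.Name
        $open = $acl | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($riskyPrincipals -contains ($_.AccountName -replace '^.*\\', ''))
        }
        $risk = 'ok'
        if ($open | Where-Object { $_.AccessRight -in 'Full', 'Change' }) { $risk = 'HIGH' }
        elseif ($open) { $risk = 'MEDIUM' }   # world-readable, but not writable
        [pscustomobject]@{
            Name   = $share.Name
            Path   = $share.Path
            Admin  = $share.Special
            OpenTo = ($open | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join ', '
            Risk   = $risk
        }
    }
    $report | Sort-Object Risk, Name
}

Get-ShareRisk | Format-Table -AutoSize

# Remediation for a share called 'C' (placeholder, the @home case): drop the
# world-open entry and grant only a named account (placeholder) read access...
# Revoke-SmbShareAccess -Name 'C' -AccountName 'Everyone' -Force
# Grant-SmbShareAccess  -Name 'C' -AccountName 'MYPC\alice' -AccessRight Read -Force
# ...or remove the share altogether:
# Remove-SmbShare -Name 'C' -Force

# Administrative shares (C$, ADMIN$) deleted by hand are re-created at the next
# boot unless AutoShareWks (workstations) / AutoShareServer (servers) is 0:
# Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#     -Name AutoShareWks -Value 0 -Type DWord

# Share ACLs only limit who, not where from. Keep SMB off the Internet side:
# New-NetFirewallRule -DisplayName 'Block SMB from Internet' -Direction Inbound `
#     -Protocol TCP -LocalPort 139,445 -RemoteAddress Internet -Action Block
```

Run the audit first; a share with Risk HIGH and Admin False is exactly what a scanner would find and use. The administrative shares still need a valid local administrator logon, as the post says, but they are still worth firewalling, since an exposed port 445 is what gets your box enumerated in the first place.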
Oh great. I read this report and thought "this can't be for real". But apparently it is. I never thought I'd see the day when such outright "cracking" activities are treated as a business model :-).
I sincerely hope this program falls flat on its face, and these guys go out of business. If they presented their tool as a "security hardening" device to probe your own network, I could buy it. But they aren't even putting up that much of a facade (how stupid are they?).
Clearly, this is not a good thing or a moral thing to do -- I can defend Bob and Joe trading MP3s, but if they do it via Sally's open share (and grab some of her files too), that's a totally different thing. The problem is, the corps are going to point to this and say: "See? These geeks are just a bunch of thieves and pirates!".
In this case, it seems fairly clear-cut that they are right.
It's a strange world -- let's keep it that way
you wouldn't believe the number of @home users who have a share called "C" which is read/write access to their whole hard drive, not just the mp3s, shared over SMB, publicly.
Or maybe you would..
Is this a default when you run the @home install CD or something?
I don't think this would hold up in court. Leaving your door unlocked requires NO action on the users part, thus it can be done accidentally or absent-mindedly. However, by default there are no public shares when you install Windoze. The user has to specifically share a drive, device, or folder. They cannot claim "whoops, I didn't know it was shared" because the only way for it to get shared is to perform the proper action(s).
If I come along and discover a public share, I can only assume that the person *meant* to share it. I would not ask them for permission to use it, or browse the files, because they have *already* granted that privilege to me and the world.
The lawyers seem to always try to re-word everything so that things are selectively illegal or wrong. Personally, I'm getting tired of the bullshit with the lawyers in America, but that is another topic.
What remains to be seen is: who is liable for the (alleged) illegal material on one of the public shares? Is the user reasonably expected to make sure the material is legal?
-This sig intentionally left blank
Remember - in many states, spamming is "legal" - but accounts still get whacked because an AUP that says "we nuke spammers" is every bit as legal.
Same thing applies here: Sniffing for shares may be legal (though morally questionable). Using the shares may even be legal (though even more morally questionable). But reporting sniffers to abuse@sniffer's-ISP is also legal, and it's just as legal for that ISP to LART the offender for TOS violation when a sufficient number of abuse reports pile up.
With 40+ gig hard drives on the market, it has become more and more difficult to fill it all up with useless crap you download from the net. Thankfully the great community of the net has found a new way to solve this problem: now anyone can fill your drive with useless crap so you can live your life in peace without ever having to spend night after night downloading useless crap from the net, because you know that someone will do it for you. Just remember to delete everything and defragment once in a while to leave space for new useless crap.
I love you, Stéphanie
Dear Microsoft,
Please cease and desist the use of NetBIOS immediately, because it is used to transfer copyrighted material, some of which is owned by our members.
Yours mercilessly,
RIAA
Could this spell the end of one of the ugliest MS TCP/IP protocol hacks?
I guess not. But the thought made me smile.
... ;-)
.vortex
--
Time flies like an arrow -- Fruit flies like a banana
I would say that "All your shares are belong to us", but we knew that already.
Windows file sharing is so fucking stupid -- why on earth would they set it up so the default share is "all users: full access"??? Any reasonable person must infer that Microsoft WANTS people to give their hard drives to the internet at large.
Of course, there are plenty of other idiots in town -- how many remote holes are there in the default RedHat install? And that's without even having to click a button that says "enable file sharing".
ShareSniffer should be viewed as a wake-up call to OS vendors in general. The default settings should not Not NOT open your computer to remote takeovers!!!
IT Manager: Well, I'm afraid we're taking your workstation away. Security will be by in a few minutes to escort you out of the building.
Developer: What? Why? I didn't do anything to get fired over!
IT Manager: We found all sorts of obscene materials on your harddrive in shared folders.
Developer: Huh?
IT Manager: Like German Scheiße porn and crushing videos.
Developer: That's ridiculous-- Oh my god! What are they doing to that poor German Shepherd? Wait a second, I didn't put this on here! I swear!
IT Manager: It's your own fault. You didn't *have* to share those drives.
Developer: Yes I did! My manager told me to!
IT Manager: We're firing him, too. Seems he has goat.cx pictures all over *his* hard drive.
No. A better analogy would be if I had a sign on my door, meant for a visiting friend, which said "Come on in and have a beer". If a stranger sees it and comes in and helps himself to a cold one, has he done anything morally or legally wrong?
Opening your shares is inviting other people in. If you fail to specify who you're inviting, that's your fault.
Copying is not theft. HTH. HAND.
Tom Swiss | the infamous tms | http://www.infamous.net/
You cannot wash away blood with blood