Peer-To-Victim File Sharing

← Back to Stories (view on slashdot.org)

Posted by jamie on Monday February 26, 2001 @05:18AM from the you-down-with-OPHD? dept.

ShareSniffer is profiled in a SecurityFocus article today. The company has come up with a new and guiltless way to trade MP3s: just use someone else's hard drive. They have a "bevy of lawyers" (bevy, n., a group, esp. of girls or women) who say taking advantage of public Windows shares is perfectly legal. And why not? Clicking "I Agree" without reading a license agreement is legally binding, right? So when you click "Share This Folder," whether you understand its implications or not, you've authorized the world to play with your drive, and have no right to complain.

</devilsadvocate>

8 of 266 comments (clear)

Min score:

Reason:

Sort:

WinNT/2K administrative shares by DHartung · 2001-02-26 03:15 · Score: 4

Correct, Windows 2000 (like NT) has default hidden shares named for the drive, e.g. C$ (where the $ indicates hidden: it won't show up in Explorer as shared). Admin$ is equivalent to the C:\WINNT folder (which may be different, for example, it may be on the D drive, or a reinstallation could have named it C:\WINNT2).

First, these MAY be removed. If you have no need of file sharing (e.g. a standalone PC) this would be recommended above any other security measure. Log in as administrator, right click on the drive, and change the sharing.

Second, the administrative shares are by default set to Full Control for administrators on the domain that was used to authenticate your machine to the network. This is their purpose: to allow human administrators and administrative processes to run unimpeded. You may retain the administrtive share but reduce the access to read-only, again by logging as administrator of the local machine.

If you are not authenticated on the domain, but are simply connected, someone trying to access this share will need to know the administrator password on the local machine (and they themselves will usually need to be logged out of the domain, to avoid a rights conflict, though there are tricks to get around that).

It is possible to lock out Domain Administrators yet still permit local machine administrators, by removing the one group from the other, but in most cases this will one day cause your administrator to pull his hair out.

To reiterate: yes, Win2K has shares by default, but they are only open to authenticated administrators.
----

--
lake effect weblog
{Network engineer in Chicago--looking for work!}
We have to respond to this by msuzio · 2001-02-26 00:26 · Score: 5

Oh great. I read this report and thought "this can't be for real". But apparently it is. I never thought I'd see the day when such outright "cracking" activities are treated as a business model :-).
Clearly, this is not a good thing or a moral thing to do -- I can defend Bob and Joe trading MP3s, but if they do it via Sally's open share (and grab some of her files too), that's a totally different thing. The problem is, the corps are going to point to this and say: "See? These geeks are just a bunch of thieves and pirates!".
In this case, it seems fairly clear-cut that they are right :-). I sincerely hope this program falls flat on it's face, and these guys go out of business. If they presented their tool as a "security hardening" device to probe your own network, I could buy it. But they aren't even putting up that much of a facade (how stupid are they?).

--
It's a strange world -- let's keep it that way
you wouldn't believe by TheTomcat · 2001-02-26 00:26 · Score: 4

you wouldn't believe the number of @home users who have a share called "C" which is read/write access to their whole hard drive, not just the mp3s, shared over SMB, publicly.

Or maybe you would..

Is this a default when you run the @home install CD or something?
Might work... by BrK · 2001-02-26 00:27 · Score: 4

The legal morons have this quote in the article: "The person who has, through no knowledge of his own, left file sharing 'on' with no protection, that is the electronic equivalent of leaving your door unlocked," says Rasch. "You can't with any degree of certainly say it is an invitation to enter... Therefore when you enter through an open file share, that's likely an unauthorized access."
I don't think this would hold up in court. Leaving your door unlocked requires NO action on the users part, thus it can be done accidentally or absent-mindedly. However, by default there are no public shares when you install Windoze. The user has to specifically share a drive, device, or folder. They cannot claim "whoops, I didn't know it was shared" because the only way for it to get shared is to perform the proper action(s).
If I come along and discover a public share, I can only assume that the person *meant* to share it. I would not ask them for permission to use it, or browse the files, because they have *already* granted that priveledge to me and the world.
The lawyers seem to always try to re-word everything so that things are selectively illeagal or wrong. Personally, I'm getting tired of the bullshit with the lawyers in America, but that is another topic.
What remains to be seen is: who is liable for the (alleged) illeagal material on one of the public shares? Is the user reasonably expected to make sure the material is legal?

--
-This sig intentionally left blank
Lawyers don't trump AUP by Tackhead · 2001-02-26 00:27 · Score: 5

Bevy of lawyers or not, there's nothing to stop you from reporting sniffs for shares as potential violations of the sniffer's ISP's AUP.
Remember - in many states, spamming is "legal" - but accounts still get whacked because an AUP that says "we nuke spammers" is every bit as legal.
Same thing applies here: Sniffing for shares may be legal (though morally questionable). Using the shares may even be legal (though even more morally questionable). But reporting sniffers to abuse@sniffer's-ISP is also legal, and it's just as legal for that ISP to LART the offender for TOS violation when a sufficient number of abuse reports pile up.
It's understandable. by SpanishInquisition · 2001-02-26 00:29 · Score: 5

With 40+ gigs hard drive on the market, it's has become more and more difficult to fill it all up with useless crap you download from the net. Thankfully the great community of the net has found a new way to solve this problem, now anyone can fill your drive with useless crap so you can live your life in peace without never having to spend night after night downloading useless crap from the net because you know that someone will do it for you. Just remember to delete everything and defragment once in a will to leave space for new useless crap.

--
Je t'aime Stéphanie
RIAA should clamp down on netbios! by Anomynous+Coward · 2001-02-26 00:29 · Score: 5

Dear Microsoft,

Please cease and desist the use of netbios immediately, because it is used to transfer copyrighted material some of which are owned by our members.

Yours mercilessly,

RIAA

Could this spell the end of one of the most ugly MS TCP/IP protocol hacks?

I guess not. But the thought made me smile ... ;-)

.vortex

--

--
Time flies like an arrow -- Fruit flies like a banana
How did all this schisse porn get in my MP3 share? by Bonker · 2001-02-26 00:38 · Score: 5

IT Manager: Well, I'm afraid we're taking your workstation away. Security will be by in a few minutes to escort you out of the building.

Developer: What? Why? I didn't do anything to get fired over!

IT Manager: We found all sorts of obscene materials on your harddrive in shared folders.

Developer: Huh?

IT Manager: Like German schisse porn and crushing videos.

Developer: That's ridiculous-- Oh my god! What are they doing to that poor German Shepard? Wait a second, I didn't put this on here! I swear!

IT Manager: It's your own fault. You didn't *have* to share those drives.

Developer: Yes I did! My manager told me to!

IT Manager: We're firing him, too. Seem's he has goat.cx pictures all over *his* hard drive.

--
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!