P2P Leaks Surprises
kilian.cavalotti writes "A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella.
The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be."
I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected. Is there any shade of truth of that *at all* in any branch of our military? It certainly sounds like any casual remark anyone might make at the watercooler, but it'd be interesting to hear from someone who's been there.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
It'll be interesting to see how long it'll take before the operator of that weblog is arrested, even though he's trying to prove a point.
This is different from full-disclosure of software vulnerabilities because this is more a human error than anything else. It's not like there's software to be patched...it's a matter of educating the user as to what they're doing wrong.
The only real problem here is the public disclosure of personal information -- if I were one of the names shown, I'd probably be upset. (of course if this is going on in a widespread fashion, I'd be upset anyway) In the end we can only hope that the "shock value" of presenting these to the public will create enough awareness to minimize the problem.
Otherwise we can all watch as the spinsters pull another argument for their "p2p is evil" campaign.
In the extremely large military network I worked on, all P2P ports were blocked (the rule was deny all, allow by exception) and the IDS was tweaked to catch anyone who fiddled with the ports to get around that. The security guys were not nice to people they caught.
I guess some areas of the military just aren't set up that well.
The problem is that somebody published the pictures on the network. Did anybody notice that, or would we rather just follow Rick's solution and have the people from our oh-so-trustworthy 'that blunder is confidential' military tell us what we can publish and see on the internet? Oh, sounds great. "Hey Jim, this picture has 'no war' written on it. You know what to do..."
I guess we COULD track down whoever leaked the info, but why do that when you can go after anyone on or in the remote proximity of any random network? Perfect plan. A big 'duuuhhhr' goes out to Rick who lacks the capacity to get this through his head.
I am NOT a number! I am a - oh wait, I'm number 761710. Look! 761710!
Oh, and I submitted this with a funnier headli...er, wait, this isn't Fark, is it.
Well, I did submit it, with a link to a ZDNet article about it, in which they give a little more detail about what happened with the blogger's attempts to get the authorities involved:Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that? Am I going to get an insistent knock on my door for even questioning this?
Tell my wife I love her! AIEEEE!!!
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
A great example of this happened at my university about 10 years ago. The campus ran a cluster of unix machines for students to get email, read usenet, compile C programs, run nethack, etc.
The nerds amongst us were fairly concerned that the admins: 1) didn't keep the passwords in a shadow file, and 2) didn't run Crack on the password file to find weak passwords. I guess the reasons were that: 1) the OS (I think it was AIX at the time) didn't support
So... one of the nerds kinda... "settled" the issue for them. He ran Crack on the entire password table and POSTED all of the cracked login/password combos (a couple thousand out of something like 10,000 users, I think) to the local campus newsgroups.
Of course... this led to only one account being frozen... and you can probably guess whose it was.
But the campus did start to show a newfound interest in password robustness after that.
this site shows random pictures on google image search based on naming conventions of digital cameras.
Computers are useless. They can only give you answers.
-- Pablo Picasso
>> He can wave goodbye to all his computer
>> equipment. And in about a week's time, he'll
>> be complaining
I think he's safe.... however this may put the P2P networks in violation of the Patriot act and get 'em shut down really quickly where the RIAA couldn't do it.
Ever consider that this is misinformation, intentionally meant to fall into the hands of the enemy?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!