Slashdot Mirror


P2P Leaks Surprises

kilian.cavalotti writes "A new Web log is posting what it purports are pictures, documents and letters from U.S. soldiers and military bases in Iraq and elsewhere--all of which the site's operator claims to have downloaded from peer-to-peer networks such as Gnutella. The "See What You Share" site has been online for a week and has published photos ranging from a crashed military jet to a screenshot of a spreadsheet file that appears to include names, addresses and telephone numbers of marines. The site's operator, a 30-year-old named Rick Wallace, wrote in a blog posting that he is trying to help the military understand how serious a security risk unmonitored peer-to-peer file sharing can be."

10 of 389 comments

  1. I always thought... by digitalsushi · Score: 4, Interesting

    I always thought military desks had two machines on them. A public internet and a military internet, and at no point were they ever interconnected. Is there any shade of truth of that *at all* in any branch of our military? It certainly sounds like any casual remark anyone might make at the watercooler, but it'd be interesting to hear from someone who's been there.

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  2. Place your bets now! by koganuts · Score: 4, Interesting

    It'll be interesting to see how long it'll take before the operator of that weblog is arrested, even though he's trying to prove a point.

  3. This can't be too good... by Eberlin · Score: 3, Interesting

    This is different from full-disclosure of software vulnerabilities because this is more a human error than anything else. It's not like there's software to be patched...it's a matter of educating the user as to what they're doing wrong.

    The only real problem here is the public disclosure of personal information -- if I were one of the names shown, I'd probably be upset. (of course if this is going on in a widespread fashion, I'd be upset anyway) In the end we can only hope that the "shock value" of presenting these to the public will create enough awareness to minimize the problem.

    Otherwise we can all watch as the spinsters pull another argument for their "p2p is evil" campaign.

  4. Surprising by Quila · Score: 4, Interesting

    In the extremely large military network I worked on, all P2P ports were blocked (the rule was deny all, allow by exception) and the IDS was tweaked to catch anyone who fiddled with the ports to get around that. The security guys were not nice to people they caught.

    I guess some areas of the military just aren't set up that well.

  5. Re:I think is was said somewhere else... by Zareste · Score: 3, Interesting

    The problem is that somebody published the pictures on the network. Did anybody notice that, or would we rather just follow Rick's solution and have the people from our oh-so-trustworthy 'that blunder is confidential' military tell us what we can publish and see on the internet? Oh, sounds great. "Hey Jim, this picture has 'no war' written on it. You know what to do..."

    I guess we COULD track down whoever leaked the info, but why do that when you can go after anyone on or in the remote proximity of any random network? Perfect plan. A big 'duuuhhhr' goes out to Rick who lacks the capacity to get this through his head.

    --
    I am NOT a number! I am a - oh wait, I'm number 761710. Look! 761710!
  6. Give that man a cigar by Atario · Score: 4, Interesting

    You hit the nail on the head. The same principles apply to soldiers gabbing about classified stuff F2F, never mind P2P.

    Oh, and I submitted this with a funnier headli...er, wait, this isn't Fark, is it.

    Well, I did submit it, with a link to a ZDNet article about it, in which they give a little more detail about what happened with the blogger's attempts to get the authorities involved:

    > In an interview from Germany, where he lives with his wife, a U.S. Army officer, Wallace said he had contacted local military intelligence about the issue. They forwarded the information to a higher level, but there was little further response until he contacted the office of Sen. Conrad Burns, who represents Wallace's home state of Montana, Wallace said.
    > ...
    > Shortly after Wallace got in contact with Burns' office, the file of classified documents disappeared from Gnutella.

    Ummmm...what??? How powerful is this senator, that he can pluck a given file off a decentralized P2P network? How did he do that? Am I going to get an insistent knock on my door for even questioning this?

    Tell my wife I love her! AIEEEE!!!
    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  7. Re:I think is was said somewhere else... by jemenake · Score: 4, Interesting

    > If you choose to expose security weaknesses, don't take advantage of them. Tell those who can fix it/do something about it, and no one else. What this person is doing will just give other people ideas.

    Unfortunately, most people don't take it seriously unless it really happens to them or if they see it happen to someone else like them.

    A great example of this happened at my university about 10 years ago. The campus ran a cluster of unix machines for students to get email, read usenet, compile C programs, run nethack, etc.

    The nerds amongst us were fairly concerned that the admins: 1) didn't keep the passwords in a shadow file, and 2) didn't run Crack on the password file to find weak passwords. I guess the reasons were that: 1) the OS (I think it was AIX at the time) didn't support /etc/shadow, and 2) the admins shuddered at the thought of freezing the accounts of and having to talk scores of users through the process of changing their passwords.

    So... one of the nerds kinda... "settled" the issue for them. He ran Crack on the entire password table and POSTED all of the cracked login/password combos (a couple thousand out of something like 10,000 users, I think) to the local campus newsgroups.

    Of course... this led to only one account being frozen... and you can probably guess whose it was.

    But the campus did start to show a newfound interest in password robustness after that.
  8. Re:Okay by lawpoop · Score: 3, Interesting

    This site shows random pictures on Google image search based on naming conventions of digital cameras.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  9. Re:Start running, Rick by wo1verin3 · Score: 3, Interesting

    >> He can wave goodbye to all his computer
    >> equipment. And in about a week's time, he'll
    >> be complaining

    I think he's safe.... however this may put the P2P networks in violation of the Patriot Act and get 'em shut down really quickly where the RIAA couldn't do it.

  10. Re:I think is was said somewhere else... by DNS-and-BIND · Score: 3, Interesting

    Ever consider that this is misinformation, intentionally meant to fall into the hands of the enemy?

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!