Slashdot Mirror

← Back to Stories (view on slashdot.org)

Indictment Highlights File-Sharing Risks

Posted by CowboyNeal on from the careful-what-you-share dept.

Bomarc writes "Via the KOMO-TV website, an article from the Associated Press about how Gregory Thomas Kopiloff used Limewire, Soulseek and other peer-to-peer file-sharing programs to troll other computers for financial information, which he used to open credit cards for an online shopping spree, according to a four-count indictment unsealed in US District Court on Thursday. The news article isn't big on details, but it does outline the risks with peer-to-peer file-sharing programs."

86 comments

  1. Filesharing isn't a risk by Anonymous Coward · · Score: 5, Insightful


    however poorly configured software is, wether its MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

    anyway this smells like another "OMG p2p teh evill!!!" anti-p2p propaganda

    1. Re:Filesharing isn't a risk by rucs_hack · · Score: 1

      people still use those old p2p programs? Wow.

      I couldn't be bothered myself. It always seemed like far too much effort when I could just, y'know, listen to the radio or rip from streams.

    2. Re:Filesharing isn't a risk by dintech · · Score: 1

      Umm, ripping from streams is definitely harder than typing a filename into a text box, searching and double clicking a track to download. It's this ease of use that made P2P so prolific. Even Joe six-pack could do it and mp3 files were no longer the domain of underground IRC communities and FTP shares.

    3. Re:Filesharing isn't a risk by Apatharch · · Score: 2, Insightful

      however poorly configured software is, wether its MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

      anyway this smells like another "OMG p2p teh evill!!!" anti-p2p propaganda

      Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client. As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the sharing of sensitive files, but TFA seems to be following the fear-mongering route instead with quotes like "If you are running file-sharing software, you are giving criminals the keys to your computer".

      And then, right at the end, we have:

      Kopiloff also obtained some sensitive information the old-fashioned way, from associates who would steal mail or go "Dumpster diving" for discarded financial records, the indictment said, adding that he would open credit accounts and then go shopping online

      Who wants to bet that a more significant proportion of the information came from that source?

    4. Re:Filesharing isn't a risk by mgoren · · Score: 1

      Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client. As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the sharing of sensitive files, but TFA seems to be following the fear-mongering route instead with quotes like "If you are running file-sharing software, you are giving criminals the keys to your computer".
      mod parent up!

      Since the article doesn't say otherwise, I assume that the p2p apps in question do not actually share the entire drive by default. They probably ask what folder(s), and some users mistakenly share the entire drive. So the applications should better educate users about what they're doing.

      Even if some particular apps really do automatically share the entire drive, the article should be discussing the dangers of THOSE apps, not of p2p in general. The way it's written, it sounds awfully fear-mongering.
    5. Re:Filesharing isn't a risk by ultranova · · Score: 1

      people still use those old p2p programs? Wow.

      I couldn't be bothered myself. It always seemed like far too much effort when I could just, y'know, listen to the radio or rip from streams.

      They send ebooks and programs over the radio where you live ? Cool.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    6. Re:Filesharing isn't a risk by rucs_hack · · Score: 2, Informative

      I'm in Audible...

    7. Re:Filesharing isn't a risk by joemawlma · · Score: 1

      however poorly configured software is, wether its MSIE or OpenSSH or SMB if they are poorly configured you will get bitten

      SMB? Super Mario Brothers is NOT poorly configured software!

  2. Well, if you're going to share your financial info by numbski · · Score: 1

    ...then don't be suprised when someone takes it as a gift and goes to buy something nice for themselves! :)

    (I know, I know, uneducated users, sharing C (or /) and not knowing any better, blah blah blah.

    Off to get myself that PS3 I'd never spend my hard earned dollars on....

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  3. Well if you going share C:\ expect bad things. by woodchip · · Score: 2, Insightful

    (n/t) DUH.

  4. Why? by rolfc · · Score: 1

    Why not just use bittorrent?

    1. Re:Why? by Threni · · Score: 1, Informative

      > Why not just use bittorrent?

      Because there's more good music available on Soulseek; you can see the bitrate before you download it; you can talk to users in rooms about the music first; you can download the same album from more than one person for speed; you don't end up waiting in vain for the last 6.9% of a torrent; you can ban leeches; it's trivial to upload your own music (I have no idea how to share something via BitTorrent - I think I have to read stuff and run programs etc = very boring. Perhaps it's easier with some clients though).... I mean I could go on...

    2. Re:Why? by Anonymous Coward · · Score: 0

      If you think 'reading stuff' and 'running programs' are "very boring" tasks, what the fuck are you doing on Slashdot?

      Everything you said about bt is wrong, anyway.

      To the fucking dumbshit mod who rated this Informative, just what is being revealed here? Your own ignorance, I gather.

      This site gets dumber every day. Stupid headlines, stupid summaries, old news and decidedly non-technical participants like this assdrip ^^^^ (the parent).

      Now we get to share the same stale air as pro-Bush troglodytes who just pulled their mom's dick out of their mouth long enough to say "SlashLibs, duhhh!".

      The only thing you could go on about is how shitty you are and how badly you suck.

      Go back to Fark or Digg or wherever the fuck ever you squirted out of, mouth breathers!

  5. My way by Anonymous Coward · · Score: 5, Funny

    c:\credit-info.goatse.cx.jpg
    Get's em every time.

    1. Re:My way by Anonymous Coward · · Score: 0

      LOL

      Or tubgirl.

    2. Re:My way by Technician · · Score: 1

      c:\credit-info.goatse.cx.jpg
      Get's em every time.

      It's great if you are doing that on a Linux machine with a SMB share called c:\. You could keep them busy for hours if you seeded the share properly. Include lots of links to your PayPal account, Bank of America, Barcleys, ... the phishing sites..

      --
      The truth shall set you free!
    3. Re:My way by Chapter80 · · Score: 1

      My way
      c:\credit-info.goatse.cx.jpg
      That's YOUR way? I was wondering whose it was.
      You really should see a doctor.
  6. Search for 'Resume' by 0100010001010011 · · Score: 4, Interesting

    An old Kazaa trick I used to entertain myself back in the day. Mainly to see what NOT to do on a resume, but you could get pretty adequate information from them. Some people included birthday, SSN, other stuff that should never be on a resume.

    Fun times.

    1. Re:Search for 'Resume' by langelgjm · · Score: 3, Interesting

      Yeah, we used to do this on a college file-sharing network. We'd search for files that were on the root of the drive, like "io.sys", and find all the people who were sharing their entire hard drives. Then we'd root through their documents and find compromising pictures of them and make fun of them in the main chat, usually followed by the advice "STOP SHARING YOUR ENTIRE DRIVE."

      There was also a correspondence between assigned IPs and the different dormitories, which was apparently easy enough to figure out, with the result that the ops often freaked out new users by telling them where they lived.

      --
      "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
    2. Re:Search for 'Resume' by 0100010001010011 · · Score: 3, Interesting

      I forgot about this one. We had a student at my first university that put up a search engine for the network. Twice a day it'd ping all the computers on campus (1600 students, maybe 800 living on campus) and then store the results in a database.

      It was just a 'dumb' spider so it went everywhere it could.

      jpg would turn up 'private' party pictures. doc's would turn up Resume's and homework solutions... those were the days.

      And we did the same thing you did. Anyone sharing everything would get a nice desktop text file "README". /Anyone remember searchtree?

    3. Re:Search for 'Resume' by ajs · · Score: 1

      I once had someone apply for a network security position who had their SSN on their resume. Needless to say there was no interview.

    4. Re:Search for 'Resume' by Anonymous Coward · · Score: 0

      It could be worse. I once received a resume from a job applicant who'd filled half the space with a description of his love of fighting, his love of martial arts, his love of action films and so on. If there is one cardinal rule for resumes, it is this: don't make yourself look like a fucking nutter.

    5. Re:Search for 'Resume' by Rob+T+Firefly · · Score: 1

      Back in my more active 'zine days, I once wrote an article composed entirely of bits and pieces of personal stuff people were sharing on Kazaa. Fun stuff!

      --
      Slashdot Burying Stories About Slashdot Media Owned
    6. Re:Search for 'Resume' by Sczi · · Score: 0

      My favorite old memory was when 95 or 98 was still shipping with sharing turned on, and I forget the name of the app, maybe searchtree like you said, but I specifically went looking for shared printers and printed out helpful messages for them. The driver network install didn't work, so sometimes it was a bit of work helping these people. I'd usually leave a link to a security app in their startup, but I figure these knuckleheads probably needed the hardcopy the most. If they didn't have a shared printer, I'd pelt them with net send messages, heh.. ahh those were the days. Now all anyone is interested in is making money. Sign of the times I guess..

    7. Re:Search for 'Resume' by Angelyne · · Score: 1

      Maybe he thought he was applying to a dating site.

    8. Re:Search for 'Resume' by Anonymous Coward · · Score: 0

      Yeah...I love dorks that get their rocks off by making inexperienced people look stupid. I had a roommate do that to me nearly a decade ago (yes, C:\ was shared, but I didn't set it up, and had basically no experience with computers at the time).

      What pissed me off was that all he had to do was get off his ass and tell me himself (we did live in the same apartment). Instead, he chose to leave a creepy message on my desktop, then tell me about it offhand sometime later.

    9. Re:Search for 'Resume' by Anonymous Coward · · Score: 0
      WAAA, WAAA, my pussy hurts! my pussy hurts!

      suck it up, you sniveling toad. you got owned, accept it. you were only creeped out by your own ineptitude.

      You didn't just "look stupid" you were, quite literally, stupid.

      SURPRISE!

  7. Startling by Anonymous Coward · · Score: 0

    Newsbreak: Internet can be dangerous to privacy. Film at 11.

  8. Rights at stake by Travis+Mansbridge · · Score: 1

    Just as with any case along these lines, services that may allow crimes to be committed need to be separated from the crimes themselves.

    As far as I can tell, there are many ways to mine for personal information on the internet that do not require the use of P2P sharing programs. In this case, should the usage of the internet as a whole be deemed unlawful?

  9. Old fashion Security by pilsner.urquell · · Score: 1

    I don't keep any sensitive information on my computers, in stead I put all the information I want to secure, passwords, account numbers, on line payment information, and administration info, in a plane old paper address book. Even if someone came in and physically took my computers they would have no access to my accounts. Also, if I want to remove access to all information I simply pick up the one address book and walk away. Yes, it is a hassle to type in the information each time but I don't have to worry about someone breaching my security on a software level and ruining what little life I do have.

    1. Re:Old fashion Security by ScrewMaster · · Score: 1

      passwords, account numbers, on line payment information, and administration info, in a plane old paper address book.

      Just be careful where you throw that paper plane ... it could end up in the wrong hands.

      Sorry, sorry.

      --
      The higher the technology, the sharper that two-edged sword.
    2. Re:Old fashion Security by pilsner.urquell · · Score: 1

      Just be careful where you throw that paper plane ... it could end up in the wrong hands.
      I do own a shredder.
  10. Shared Music Folder by overlook77 · · Score: 0

    I remember when I used Limewire seeing every known file extension shared 'by default' in the settings. It seems like this applied to one shared folder though. Is this not the case (i.e. your entire hard drive is shared) or are people actually sticking non-music files in their shared music folders??

  11. equally amusing by poetmatt · · Score: 1

    From the article: "If you are running file-sharing software, you are giving criminals the keys to your computer," said assistant U.S. attorney Kathryn Warma. "Criminals are getting access to incredibly valuable information."
    This woman sure adds some emotions to her wordings! It's not like she's added any media spin! never! . Sheesh. This woman must be aiming for a job with microsoft. From the last link I just provided: "We know that Robert Soloway is one of the most prolific spammers in the world," Warma said before the hearing. "He has condemned them (his victims) to perpetual spam hell" unless they escape by canceling their domain names or changing their Internet protocol addresses.
    Spam Hell? Although the woman does seem to prosecute for some good causes (people who use botnet attacks, etc), why does it seem like there's an excess of spin in her quotes to people? Seems like she wants to just scream "EEEVILLL" or something.

    1. Re:equally amusing by pilsner.urquell · · Score: 1

      Obviously learned from the best.

    2. Re:equally amusing by pakar · · Score: 1

      It's fun how everyone is twisting information, or just picking numbers out of the sky...
      From the "never!" link you posted.

      "It's estimated that 80 percent of the traffic on the Internet is, in fact, spam."

      http://arstechnica.com/news.ars/post/20070903-p2p- responsible-for-as-much-as-90-percent-of-all-net-t raffic.html
      There we have "P2P responsible for as much as 90 percent of all 'Net traffic"

      I'm not saying that this guy did not deserve this, but i do think about how much more information that might have been twisted.

      And if 90% of all network traffic where spam then a single 10Gbit link should have around 240000 spam-mails per second passing by, or 20736000000 per day...
      And if the Atlantic cables between europe and USA where a total of 100Gbit that would be able to deliver 40 spam-mails per person/day in the world. And there is much more BW than that out there...

    3. Re:equally amusing by Opportunist · · Score: 1

      Logic conclusion: At the very least 72% of P2P traffic is spam. Pr0n spam, most likely.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:equally amusing by poetmatt · · Score: 1
      on a non factual, personal opinion basis I would guess that more than 15 or 20% of the internet is gaming (number of gamers + bandwith requirements on servers), maybe 5-10% specifically is youtube, maybe 5% is porn ads. I don't think its that much anymore since its not neccessarily high bandwith if its a bunch of garbled text full image porn ads are easily blocked by websites, the text is not. I'd guess another 20% is streaming services (non youtube/hdtv/etc), another 20% is bittorrent, and the rest is random things. By the way, what else gets a high amount of overall internet usage?
       



      In fact, why do we not have some sort of actual factual study so that we have a real basis (as opposed to the people that scream youtube is 99% of the world's internet and thus must be sued and pay for the bandwith they already paid for). How much would be involved (time-wise), and who would have to be contacted to start such a data collection? I'm not an expert statistician but I think I'd be interested in gathering some of this data.

  12. It outlines something... by Anonymous Coward · · Score: 3, Insightful

    But not the risk of file-sharing. It outlines the risk of not knowing what your doing. Same could be said about just about everything.

    1. Re:It outlines something... by Jarjarthejedi · · Score: 1

      Exactly. Any, and just about all, applications on a computer can pose a danger to you if you don't know what you're doing and think you do. Those annoying people who claim to know everything about computer and really don't are the real dangerous ones, to themselves and those who believe that they know everything. I know of more than one instance where C: was shared over an open network, because the person had discovered that that allowed them to get their files from another computer and never considered the fact that any computer could get those files. The worst news is that the same type of people who open their system's up to attack are the ones who'll put unnecessary personal information in files, guaranteeing that their identities can be stolen with ease. Generally the people worried about their security, the ones who don't store important data on their computers without some protection (like renaming the extension so a simple .doc check won't find it, or using notepad and saving the file as something strange that's mapped to notepad on your machine) are the same ones who won't open their computer up to attack, meaning that there are a lot of relatively difficult to crack machines with hidden data, and a lot of wide open machines with easily seen data, which is good news for the semi-secured and horrible news for those who don't know what they're doing.

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
  13. Re:Well, if you're going to share your financial i by phobos13013 · · Score: 1

    You exemplify such a great attitude towards the world; it helps create what it is. To say, its the users fault for keeping information on his/her personal computer that could POTENTIALLY if not realistically be accessed by people who are breaching someone else's personal space is to misrepresent the problem. Keeping any kind of information, regardless of whether you are "file-sharing" or not does not mean another user has free reign to read/execute/extrapolate that information in any way they see fit. Saying they were asking is shameful! If we reinforced the concept that personal privacy is that and further reinforced the concept of social trust, we could actually live in a world where we didn't have to lock our doors, encrypt our software and live in oppression under the threat of hypothetical terrorists. But instead, the human condition roles on.

    --
    ...and it should be known by now
  14. There's an idiot born every .00013 seconds! Grrr! by Chas · · Score: 1

    Cornhole your system to the universe?

    Y/N: N

    Share your files to [INSERT]

    Y/N: Y

    HAH! TRICK QUESTION! AYBABTU!

    *SCHLORP!*

    Seriously, this reminds me of morons who used to share their entire hard drives out to file sharing apps.

    I remember seeing printouts of peoples' password lists, even full bank account and investment broker information, complete with contact info, and all the personal ID data, etc. All found by people trolling the network for more than just MP3s.

    --


    Chas - The one, the only.
    THANK GOD!!!
  15. File sharing is like Sex by Anonymous Coward · · Score: 0

    File sharing is like Sex, once you've started doing it, it is almost impossible to stop.
    OTOH, there are lots of diseases out there and really bad things can happen with both - but most of the time, it is just fun.

    I guess this explains why I haven't had sex in ... {counting} ... 18 years. Well, that and that I'm a single slashdot reader.

  16. equally wrong by IBBoard · · Score: 1
    This is why you don't let anyone related to legal anywhere near technology:

    unless they escape by canceling their domain names

    Perhaps, but it's overkill. Just change your email address and remove the catch-all. Once you've done that, don't publish in plain text.

    or changing their Internet protocol addresses.

    WTF? that won't even help since the domain will be looked up and converted to the IP address.

    I think what is more accurate (assuming the software only shares what you tell it) is "you're giving criminals keys to get into a single room where everything that you left in there cannot be stolen but can be copied indefinitely". I guess that doesn't have the same media punch as "user was dumb enough to share entire disk drive and not check what was specifically shared".
    1. Re:equally wrong by poetmatt · · Score: 1

      shh, if you use logic with the department of justice, they'll resort to screaming and stomping their feet

    2. Re:equally wrong by PinkPanther · · Score: 1

      And logic makes them forget stuff; forget lots of stuff.

      --
      It's a simple matter of complex programming.
  17. RIAAfia cases could benefit by Anonymous Coward · · Score: 0

    This story proves the argument that some people using filesharing software are not intentionally sharing music files. No one in their right mind would intentionally share their SSN, bank info, etc., that this guy was getting vial limewire. That info was being shared accidentally and not intentionally, and shows it is easy with these programs to accidentally share files you had no intention to share.

  18. Accessing a protected computer? by Twisted+Willie · · Score: 1

    Kopiloff is charged with mail fraud, accessing a protected computer, and two counts of aggravated identity theft. Authorities allege he victimized at least 83 people.

    I can understand the other charges, but accessing a protected computer? I'd think it would be reasonable to assume files that are found on a p2p network are meant to be shared. IANAL, but if he gets convicted for that, wouldn't that allow a "I'm sorry, I never meant to share these mp3's" defense in most, if not all, of the RIAA cases?
    1. Re:Accessing a protected computer? by arivanov · · Score: 1

      If he has used credentials stolen from P2P to access a company or a financial system this charge will very nicely stick.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
  19. P2P isn't the danger for your security by Opportunist · · Score: 2, Insightful

    Cluelessness is. Plain and simple. Operating something that can potentially compromise your personal and private information without even having the foggiest idea what you're doing is stupid.

    Unfortunately, exactly that conclusion is very hard to understand by stupid people.

    Don't want to learn? No problem. Nobody is forced to be "on the internet". Nobody is being forced to put their private information into their computer. You can live without either.

    But don't blame technology for your stupidity. Do you call your car dangerous and evil if you're too stupid to see the difference between the funny things down there that ruin your shoes (aka pedals)?

    Just to get a car analogy into it again...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:P2P isn't the danger for your security by cortesoft · · Score: 1

      If when you read the article, your thought is "OMG people can access all my files if I use P2P" then you probably are also the type of person who can't figure out how not to share your entire hard drive. It is a valid article in that sense... P2P is a security danger to people who conclude P2P is a security danger after reading the article and probably should stop using it.

  20. Media Company, look at this by shadowrat · · Score: 1

    This is exactly the angle the media companys should leverage. Instead of combating what they perceive as piracy with more complicated and restrictive drm, they should work on the simple solution of providing the best source for their product.

    If the price / convenience / value ratios make you the best source for your product, people will scramble to get it from you. For money even! Back it up with an ad campaign reinforcing how safe and accessible you are and i guarantee you won't lose.

    I wish i was a media company, i would be at profit already.

  21. Re:Well, if you're going to share your financial i by numbski · · Score: 1

    We need xml joke tags on here. :P

    I had a mental image of someone running Windows as Administrator installing Kazaa, Limewire, whatever the p2p 1337 app of the week is, and manually sharing out their whole drive. Of course it's not okay to just abuse things, and there *should* be a reasonable level of security in keeping data on your computer.

    That said, a computer should be operated as non-uid=0, and only switch when critical tasks MUST be done, but hey...that still wouldn't fix this. If I run a file sharing app on my home directory and share out all of ~, all of my personal data is still out there.

    So really there's two strikes on this - 1, the uneducated end user, and 2, the naughty people stealing the data. So....we're more or less helpless to fix either one. So dangit, I'm gonna go get my PS3! (and I'm still kidding....)

    Way to make me think far too hard on something that was supposed to be a flippant "Fist post!" remark. kthx.

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  22. Re:Well, if you're going to share your financial i by phobos13013 · · Score: 1

    Sorry, my joke filter is off today...

    Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has. My gripe really was with blaming the victim in that instance though, well, even if it is a joke. No worries, though.

    --
    ...and it should be known by now
  23. Unprotected sex isn't a risk by Anonymous Coward · · Score: 0

    "Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client."

    The same can be said for Windows. Now why doesn't slashdot give it as fair a shake as it does P2P?

    "As the summary states, there's very little detail in the article about how the information was actually accessed; all that would be required is a few pointers to help people prevent the sharing of sensitive files"

    I'm reminded of a couple years back when a Red Hat distribution came by default with all services running. Must have been some work to secure that mistake.

    "but TFA seems to be following the fear-mongering route instead with quotes like "If you are running file-sharing software, you are giving criminals the keys to your computer"."

    And if you're running IE with default settings "you're giving criminals the keys to your computer".

    "Who wants to bet that a more significant proportion of the information came from that source?"

    A hole's a hole. Doesn't matter who has the bigger one.

    1. Re:Unprotected sex isn't a risk by Anonymous Coward · · Score: 0

      (off topic) "A hole's a hole. Doesn't matter who has the bigger one." I tend to disagree on this for multiple reasons. Let a female know that, just because her hole is MUCH bigger then someone else's don't worry a hole is a hole. ;-) Don't forget to duck

    2. Re:Unprotected sex isn't a risk by Danse · · Score: 1

      "Precisely. Preventing personal data from leaking onto P2P networks is simply a matter of proper configuration of the client." The same can be said for Windows. Now why doesn't slashdot give it as fair a shake as it does P2P? There's a difference between configuration problems and actual security vulnerabilities like buffer overflows and such. This article is making is sound like there are actual vulnerabilities in the P2P app, rather than people just being dumb and configuring it to share their entire C drive or something. That can be fixed by a little user education. An actual vulnerability would require a patch to fix.
      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    3. Re:Unprotected sex isn't a risk by billcopc · · Score: 1

      The vulnerability is between the keyboard and chair. Norms get lured onto these sketchy p2p networks to get "free" music and movies, but they haven't a clue what they're actually doing and the implications of various configuration options.

      I'm sure that if someone released a Napster-style P2P app that defaults to sharing the entire contents of your hard drive, many people would praise it for having so many files available. People don't bother, they just install the program and within seconds they're playing a 50-cent tune... Next, Next, Finish, Download! They don't even read the big red bold flashing messages... heck, they don't read the buttons they're clicking! So many times I've had people say "This program won't install" because the Next button turns into a "Cancel" button until you read the EULA or similar... that's how dumb the average computer user truly is.

      --
      -Billco, Fnarg.com
    4. Re:Unprotected sex isn't a risk by Danse · · Score: 1

      I'm sure that if someone released a Napster-style P2P app that defaults to sharing the entire contents of your hard drive, many people would praise it for having so many files available. Right, and that would be a problem with the default settings of the application, and something that the app creator should address. A problem similar to the default password situation that Microsoft used to have with SQL Server, or that Linksys has with their home wireless routers. However, if the person decides to change the default to share their entire drive, that's not a problem with P2P software, it's a problem with the user and should be presented as such. This article doesn't even attempt to address the real problem. It just includes hysterical, uninformed quotes like, "If you are running file-sharing software, you are giving criminals the keys to your computer".

      Nobody can prevent stupid people from doing stupid things, but you can at least make the attempt to inform the uninformed so that they might not make the mistakes that would put them at risk. Making blanket, patently false statements like the attorney did doesn't help anyone.
      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    5. Re:Unprotected sex isn't a risk by billcopc · · Score: 1

      My point was that users would actually like that sort of security vulnerability, because to their untrained eyes, the vulnerability is invisible...

      If you buy a car, whose locks can be opened by every key issued by that auto maker, you won't know until someone drives off with your car; and even then, you might assume they just used the good ol' slim jim then shorted your starter. You won't realize your car is vulnerable until an "expert" finds out and tells you, in simple terms, why your car sucks.

      Same thing with software and users. They're just not qualified to perform that kind of analysis. You can give them quick tips like "don't share your entire hard drive", but that won't stop a malicious app from sharing their C:\Documents and Settings... the user doesn't know their personal registry trunk is stored in there, right where an intruder could snap it up and find all sorts of fun things like passwords and URL histories.

      So we tell car owners to not leave their doors unlocked, but can we really expect them to tell a good lock from a bad one ?

      --
      -Billco, Fnarg.com
  24. The value has reached zero by cdrguru · · Score: 1

    The problem now is the value of recorded music is zero. Nobody I know pays. Why would they? Safety? Convenience? When a small bit of common sense will protect you from the robbers and thugs out there and everything you want is available?

    No, the crash is going to come pretty soon I think. Anyone "selling" music is doomed, as is their entire infrastructure. If you create graphics for bands who pay you from music sales, better find a new job. If your job is supplying plastic for jewel cases used by CD manufacturers for music CDs, better find a new job. If you are a network admin for a advertising agency used by bands or record companies, better find a new job.

    How far will this spread? Far. Really far. And I don't see any way to avoid it. No matter what the RIAA would like to do, they can't stop people outside the US sharing stuff into the US. And they can't stop everyone with a computer in the US taking advantage of the sharing. Today elementry school children learn how to use sharing software for what they want. Pay for it? They have no money. But they learn it is all out there for free and no need to pay by 4th grade. There is no way you are going to convince these children when they grow up they have to pay for something that is clearly available for free.

    1. Re:The value has reached zero by jafiwam · · Score: 1

      Take your white washing elsewhere.

      Last time I checked, RECORD COMPANIES make money from CD sales. BANDS make money from live shows and merchandise. There are a few big name exceptions to this, but for the average "known only to college students that think they are hip" bands, they make squat from CDs.

      So, expect RECORD COMPANIES to collapse. (Which is a good thing, as they, along with the classic buggy whip makers are outdated.)

      I know about 5 bands that are very small, play live a bit, and released their own CDs with nothing more than a computer, a bit of sound software, a stack of CDs, and lots of time. They then sell those CDs directly themselves at shows, keeping all of the profit themselves. Once they get more popular and have more money, it becomes trivially easy to scale the process up. The only thing blocking wide distribution, is gee, imagine that, the big record companies.

      So, no, file sharing is not that big of a threat to music and bands. The record companies on the other hand, need to wake up and smell their own rotting corpses.

      That's not to mention collections of MP3s are full of stuff that wouldn't get purchased anyway. So there is zero loss to the record company. No way am I going to pay for .36 special hits from the 80's, but I might download them and listen to them a few times.

    2. Re:The value has reached zero by gstoddart · · Score: 1

      The problem now is the value of recorded music is zero. Nobody I know pays. Why would they? Safety? Convenience?

      Supporting the artist is why I do it.

      See, the music has value to me in that I want to hear it, and I want to support the people who produce the music I want to listen to. That way, they'll make more of it. Cause otherwise, all that's left is Brittany and whatever other dreck is in the charts.

      I can't stand the *AA's either, but the people who actually produce music, do produce something which has value to me that I wouldn't get elsewhere. I spend about $700-$1000/year on CDs. Mostly from record labels and artists who have consistently brought me music I like to listen to. None of whom are 'mainstream' artists.

      While your sentiment is widespread, some of us really prefer to have the physical CD, and to make sure our artists are paid. Certainly, it's under pressure from people who can't see any value in or point in paying. But, it's by no means an obsolete belief that buying the music you like is a ridiculous idea.

      Now, do I then rip my CDs to MP3s that I use to make mixes and play my music wherever I might be? Absolutely. Will I give a mixed CD to friends to introduce them to some stuff they'd never have heard of? Absolutely. Will I share the MP3s online or give out whole copies of albums? Nope (unless the artists has a share freely policy).

      Who knows, maybe I just have an old-fashioned view of such things. But, I can't be the only one who still actually buys CDs. People who produce non-sucky music are people I want to stay in the industry; there's so few of them IMO.

      Cheers
      --
      Lost at C:>. Found at C.
  25. Sue the programmers! Seriously.... by Simonetta · · Score: 1

    The user's computer exposure to web criminals was not due to the user's lack of attention to minute details of the program, but by the criminal negligence on the part of the programmer to shield the user's data from his program's access.

        In other words, the programmer of the P2P software is at fault for allowing his program to default into a dangerous state! The P2P program should be forcing the user to create a new and specific folder on the hard disk for files that will be shared. Then the shared files must be specifically moved to this folder in order to be accessed by other users of the P2P program.

        The days when a programmer can claim that a user was at fault for the consequences of poorly-designed software are gone. To claim otherwise is a throwback to the 1970s when it could be expected that computer users were tech professionals and therefore could be expected to plow through hundreds of pages of manuals to become aware of these 'gotcha' defects in a program's structure.

        Also it is important that the computer professional community supercede the legal authorities in punishing criminals who use the web for identity theft and other computer crimes. We need to hunt these bozos down and punish them. Not by killing them, maiming them, or imprisoning them, but by ensuring that they don't have access to computer networks again for long periods of time. Or by deleting their bank account records and the computer profiles that all people need in advanced societies. Our punishment should exceed the legal system. The criminals who use the web that we created for crimes against the people that we serve should fear us more that any legal authority. Tracking down complex computer criminal cases takes a lot of work and resources from the law enforcement structures and these resources can be better used on other crimes that we are not able to solve.

        And we should stop releasing junk software through open source and delude ourselves into believing that we are doing someone a favor.

  26. try .tax by Chapter80 · · Score: 5, Informative
    In April, it's fun to search the file sharing networks for ".tax" files (and other common files used for tax returns by Turbo Tx, Taxcut, etc.)

    I would never recommend viewing such information or committing any crimes, but it's interesting to see one IP address with tens or hundreds of tax returns shared. If you hire an outside tax preparer, be aware!

    Imagine - your SSN, name, address, a list of banks that have paid you interest, a list of stocks that you own, your taxable income and amount of tax paid (which the IRS uses as proof that you are who you say you are, if you perform an online inquiry), etc.

    And the victim doesn't even realize that their PAID PREPARER is sharing the information with the world! No lie! There are hundreds available every April!

    PS, Don't try to call any of the individuals and tip them off - they have a tendency to shoot the messenger!

  27. Re:There's an idiot born every .00013 seconds! Grr by Anonymous Coward · · Score: 0

    seriously, this reminds me of morons who used to share their entire hard drives out to file sharing apps.

    maybe it reminds you of that because it is exactly what they are talking about.

    I got into this for a minute, cookie files are pretty fruitful as well...

  28. meh by Pojut · · Score: 1

    I've been a torrent monkey for a little while now...although, I was HUGE into Hotline back in its hayday.

    By the by, anyone know if Hotline is still functional and in use?

    --
    Living With a Nerd
    1. Re:meh by bruns · · Score: 1

      There are still a few hotline servers left active, as well as several trackers.

      http://hotline.tracker-tracker.com/public/

      The official client is kinda... clumsy, and since Hotline SW isn't in business anymore, no more updates. But there are a few open source clients and the official client works under XP still.

      --
      Brielle
    2. Re:meh by Pojut · · Score: 1

      wow...tracker-tracker is still up? sweet. Looks like I will be reacquainting myself with an old friend tonight...

      --
      Living With a Nerd
  29. risks with peer-to-peer? by nurb432 · · Score: 1

    No, its the risks of non-technical people using a computer. Give people a terminal instead of a 'PC', and problems like this go away.

    --
    ---- Booth was a patriot ----
    1. Re:risks with peer-to-peer? by schweinhund · · Score: 1

      If you line of thinking were to be followed, it would hasten the death of the general purpose computer. If the non-technical masses were to be using these 'terminals', then the general purpose machines would be mostly relegated to hobbyists and business use.

    2. Re:risks with peer-to-peer? by nurb432 · · Score: 1

      I dont see a problem with that scenario. Though i think that a PC in 'buiness setting' is also overkill and unsafe. Business users dont need any more power then a terminal ( think thin-client movement )

      --
      ---- Booth was a patriot ----
    3. Re:risks with peer-to-peer? by freedom_india · · Score: 1

      WHAT? And let them share the entire server's drive via P2P???

      Listen as long as there are idiots, no software can be safe.
      Howmuchever security you build into a software is based on the assumption that an intelligent user will try to break it.
      Like the saying goes, fools sometimes rush in and get the job done where angels fear to tread.

      dumb people do stupid dangerous things.

      --
      "Doing what i can, with what i have." ~ Burt Gummer
    4. Re:risks with peer-to-peer? by nurb432 · · Score: 1

      If the provider was running things properly the end user would have to request the software to be installed and configured. ( if it wasnt already and only needed access ) They wouldn't be able to do it on their own and hose things up due to lack of appropriate rights.

      If the 'entre server' was shared, or the end user was able to even install an application, its the providers fault and they should be shut down.

      --
      ---- Booth was a patriot ----
    5. Re:risks with peer-to-peer? by schweinhund · · Score: 1

      There are big problems with that scenario.

      The problem with the death of the PC is that once that happens, people will be relegated to basically using glorified game consoles for their 'computing'.

      DRM and content restrictions will be at the beck and call of the manufacturers and their cohorts/sponsors (RIAA, MPAA, etc.) and our essential freedom of the press will be limited.

      I don't see any solid technical reason for thin clients to take precedence. Sun never got anywhere far with them. Power consumption is becoming less and less of an issue with low power CPUs and flash drives consume less than traditional hard drives.

      Where's the advantage?

    6. Re:risks with peer-to-peer? by nurb432 · · Score: 1

      The infrastructure wasnt in place when SUN tried it.

      Its almost there now.

      --
      ---- Booth was a patriot ----
  30. Basic Information security by UninvitedCompany · · Score: 1

    This is the consumer equivalent of the age-old problem in the corporate world of printing something to the wrong printer, something that resulted in many a red face and more than a few leaks of confidential information. It is an information security problem -- how do you prevent a user from erroneously placing confidential information in an insecure space? The problem is the same whether the insecure space is a printer, an extranet site, or a directory structure shared by a file sharing program.

    Systems designed for handling a mixture of documents of varying sensitivity deal with this by classifying the documents and then refusing to send secure documents to insecure resources. Sooner or later, one would hope that such systems will become practical for home users, although in a world where people still surf the web from their admin account we have a long way to go.

    That P2P was involved is mere happenstance, since many other communications utilities (drive sharing in Windows Networking, for example) can be misconfigured the same way. You would think that AUSA Warma would be smart enough to realize that rather than treat this as a risk categorically unique to P2P.

  31. stop sharing your c: drive by HelloKitty · · Score: 1


    ok, people stop sharing your C:\ drive! WTF! you're basically asking for people to steal your stuff then...

    --
    music - http://www.subatomicglue.com
  32. Re:Well, if you're going to share your financial i by Danse · · Score: 1

    Well a technical solution to making a mistake about something you don't even understand (inexperienced/ignorant users) is essentially impossible and may be why Win has the problems it has. Articles like this one don't do anything to improve the situation though. Instead of telling people that they shouldn't share their entire hard drive with their P2P app, and explaining how to prevent that from happening, it just goes off and rants about how P2P apps are so dangerous and they're stealing your data and letting anyone get all your files! Makes me wonder who's behind this story...
    --
    It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
  33. No Accident by nmos · · Score: 1

    The user's computer exposure to web criminals was not due to the user's lack of attention to minute details of the program, but by the criminal negligence on the part of the programmer to shield the user's data from his program's access.

    I'd go further and say that in at least some cases automatically sharing everything (or at least all media files) is an intentional (mis)feature of the P2P programs. The folks that make these programs often gain from the popularity of their programs either through advertising or through sales of paid versions and the easiest way to become popular is to make sure there is plenty of stuff for users to download. Of course the cheapest way to get content onto the network is to get users to provide it automatically.

  34. Idiot-proof... by rtechie · · Score: 1

    Shockingly, if you share your entire hard drive in P2P that WILL include all your personal information and people WILL take it and possibly do bad things with it. Most P2P software actually includes warnings against doing this and by default, only shares a specific created directory. Users would have to manually add their whole hard drive.

    To put it another way: Complete dipshits shouldn't be using P2P.

    I can live with that.

  35. Re:Well, if you're going to share your financial i by skeeto · · Score: 1

    I saw "sharing C" and thought, "What's wrong with sharing source code over P2P?".

  36. Filesharing is a great way to backup stuf!! by Rexdude · · Score: 2, Funny

    1) zip Backup.zip ~/stuff
    2) mv Backup.zip ~/Kazaa/share/Britney&ParisDoAHorse.mpg
    3) ??
    4) Profit!!

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
  37. Obligatory bash.org quote by Rexdude · · Score: 1

    lol
      I download something from Napster
      And the same guy I downloaded it from starts downloading it from me when I'm done
      I message him and say "What are you doing? I just got that from you"
      "getting my song back fucker"

    --
    "..One hosts to look them up, one DNS to find them, and in the darkness BIND them."