Tuesday, July 24, 2007

P2P Protection

What happens when you deliberately put a real debit card and pre-paid phone card out on a peer file sharing service and measure how long it takes before someone tries to access the cards and drain them of any value? About a week, according to an experiment conducted by Tiversa, a company that sells P2P protective software.

The results were reported in congressional testimony today.

The researchers put a file called "credit card and phone card numbers.doc" on a PC running Limewire inside a shared directory, as part of a test earlier this year. Within a few days, dozens of downloads were tracked, and soon the total value stored on both cards was depleted.

This is a very real scenario. While I won't get into whether P2P file sharing is legit, plenty of people are running this software on their PCs, and they may easily place files in the shareable folder that contain equally sensitive information. The problem is compounded if these services are being run from corporate-owned PCs, too.

So let's try something out. If you are running a sharing service on your PC, take a moment now and see if you have made yourself an inadvertent target:

Have you set up your entire hard drive as shareable? Not a good idea. At least change the setting to just the folder where your media files are located.

Is your hard disk not very organized, and you don't pay much attention to where you store your files? Now is the time to look. The Tiversa researchers found dozens of copies of passports and birth certificates, hundreds of copies of tax returns, and federal student aid applications when they did a quick search of the Gnutella network. It didn't take them very long to find this stuff, and when they downloaded a few samples they seemed like the real McCoy.

Did the file sharing software add other folders besides the one where you knowingly store your music and videos? These programs are good at finding all of your media files elsewhere, and if you have an MP3 in the same place where you have your Quicken data, you could be in trouble. Spend some time cleaning house now.

Do you do work on a PC that is also used by your teenagers? You could have saved a work document in a shareable folder by mistake, or not realized that the folder later became shareable. In a recent study by Osterman Research, 71% of employees answering the survey have checked work-related email from home on a non-work owned computer. More and more work is being done away from the office.
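The checks above can be turned into a quick audit of a shared folder. This is an added example, not code from the post or from Tiversa. The extension lists, keywords and function names are assumptions chosen for illustration, and the sample tree is constructed.

```python
import os
import tempfile

# Assumed lists, not from the post: media types a sharing client should serve,
# data types it should not, and filename keywords for the documents it mentions.
MEDIA_EXTS = {".mp3", ".wav", ".ogg", ".avi", ".mpg", ".wmv", ".mov", ".mp4"}
DATA_EXTS = {".doc", ".xls", ".pdf", ".txt", ".rtf", ".csv", ".qdf", ".pst"}
KEYWORDS = ("credit card", "passport", "birth cert", "tax", "student aid")

def is_whole_drive(path):
    """True when the shared path is a drive or filesystem root."""
    p = os.path.abspath(path)
    return os.path.dirname(p) == p

def audit_shared_folder(root):
    """Return (findings, mixed_dirs) for everything under a shared folder."""
    findings, mixed_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        has_media = has_other = False
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in MEDIA_EXTS:
                has_media = True
                continue
            has_other = True
            hit = next((k for k in KEYWORDS if k in name.lower()), None)
            if hit or ext in DATA_EXTS:
                reason = f"name contains '{hit}'" if hit else f"document or data file ({ext})"
                findings.append((os.path.join(dirpath, name), reason))
        if has_media and has_other:  # the MP3-next-to-Quicken case
            mixed_dirs.append(dirpath)
    return findings, mixed_dirs

def build_sample_tree(root):
    """Create a constructed sample share (empty files) for demonstration."""
    for rel in ("music/song.mp3", "music/household.qdf", "video/clip.avi",
                "docs/credit card and phone card numbers.doc"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:  # stand-in for the real shared folder
        build_sample_tree(share)
        print("whole drive shared:", is_whole_drive(share))
        found, mixed = audit_shared_folder(share)
        for path, reason in found:
            print("REVIEW", path, "-", reason)
        print("folders mixing media and other files:", mixed)
```

To audit a real machine, pass the folder your sharing client is configured to share in place of the constructed sample tree.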

You have been warned.

About Me

David Strom has looked at hundreds of computer products over a more than 20 year career in IT and computer journalism. He was the founding editor-in-chief of Network Computing magazine, and now writes for Baseline, Information Security, Tom's Hardware, and the New York Times.