Post

A rather Phony Attack on Peer-to-Peer File-Sharing Applications

July 30, 2009 ,

This would have been a funny story, destined for the “weird” section of the hallway bulletin board.  Unfortunately, someone is taking this so seriously that we’ve now had a Congressional hearing that lambasted the publisher of LimeWire software for security flaws that the software doesn’t have!

But now, a public-service announcement: top-secret files don’t belong on computers that have unrestricted access to the Internet.  In fact, there are a whole set of rules to keep classified material from mixing with “normal” computers.  If some classified file has wound up on the Peer-to-peer file-sharing networks, then something has gone terribly wrong many steps before that happened!

So, here’s the breakdown:

Limewire is file-sharing software. It’s feature-rich, stable, and mature. It’s also not very popular — a distant third in the popularity polls behind #1 BitTorrent and #2 Emule. 

Limewire, like most other file-serving software, used to let the user choose a directory for sharing.  Anything in that directory was shared.  Many users pointed it to their Music folder.  Some users screwed this up and pointed it to the root of C:, which shared everything.  This wasn’t exactly a Limewire bug, but a user-misconfiguration issue.