P2P

The H-Security: The BitTorrent company has confirmed that its uTorrent servers were hacked on Tuesday 13 September and, for almost two hours, anyone downloading the uTorrent client software from the servers received a scareware fake anti-virus package instead. The malware package has been identified as belonging to the “Security Shield” family of scareware; once installed, it falsely informs a user that malware has been detected on their machine and requests payment in order to clean the system. ...

File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering. We found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay.” ...

At the ShmooCon hacker conference in Washington, D.C., last week two security researchers showed the very sensitive information that people inadvertently make available over peer-to-peer networks. In their presentation, “Information disclosure via P2P networks: Why stealing an identity via Gnutella is like clubbing baby seals,” pen testers Larry Pesce and Mick Douglas said they found a lot of music, porn, malcode collections and the following: driver’s licenses, passport and tax return forms with Social Security numbers; someone’s will A retirement analysis form with savings account totals and income estimates; An IRS form with taxpayer identification number; A completed Turbo Tax form with personal information filled in. The two have started The Cactus Project to help security specialists do similar research to help organizations tighten up the information they share over P2P. They list best-of-breed tools for conducting the research, including Mutella and the Gnutella Protocol on their site http://pauldotcom.com/cactusproject.html. ...

I’ve been saying this for a long time. P2P networks are have the risk of accidently getting something you really don’t want… Matthew White, of Sacramento, California, has found himself in a rather unfortunate situation; he’s been accused of downloading child pornography. On the advice of his public defender, White is pleading guilty in hopes of cutting his potential 20-year sentence down to three and a half years. After serving his time, White will have to serve 10 years of probation and register as a sex offender. ...