P2P Incidents -- and Congressional Scrutiny -- Grow

Carl Weinschenk

A Government Reform Committee meeting earlier this week focusing on the security implications of peer-to-peer (P2P) networking apparently led to fireworks.

 

CNET reports that lawmakers from both parties grilled Mark Groton, the chairman of P2P software provider Lime Wire. Senators maintained that in some cases P2P endangers national security, violates copyright law, and intrudes on people's privacy. Committee Chairman Henry Waxman (D.-Calif.) said that he is considering laws aimed at file sharing.

 

The Congressional scrutiny is coming as more industry attention is trained on P2P security. Last week, Prolexic released a report that said P2P is being used to launch distributed denial of service (DDoS) attacks. This story at BCS suggests that the trend, which was first noticed in April and May, is part of an overall move toward exploiting Web 2.0 interfaces to commandeer machines. P2P is being used by criminals to help form botnets, experts say.

 

It's not difficult to find examples of the dangers of P2P. For instance, this TechWorld piece says a policeman with the Tokyo Metropolitan Police Department using the Winny file-sharing program inadvertently made 6,600 documents on his hard drive available to outsiders. Among the data was a list of vital information on as many as 12,000 people, the location of crime-fighting license plate readers, and the names and addresses of 400 members of a criminal gang.

 

The story says the policeman denied having the program, which earlier was responsible for compromising security at a nuclear power station run by the Chubu Electric Power Company.


 

Another recent example was the installation of P2P software on a laptop used by a Pfizer executive, which left sensitive information on about 17,000 employees vulnerable.

 

Experts say the fault lies with users, who don't understand file sharing and install the software in a way that makes their entire C: drives vulnerable to outsiders.

 

Ari Tammam, a vice president at Promisec, told IT Business Edge that, outside of instant messaging, there is no real need for P2P and that it should be limited. There are a number of approaches, from total bans to limits on usage and content monitoring. Corporate cooperation is best gained, Tammam says, by showing real-world examples of people wasting time and company resources by using P2P programs.



Jul 29, 2007 1:20 AM Dobbs_Head says:
Because a few people were too uneducated about computer systems that they set themselves at risk the rest of us should have to face restrictive laws that stop us from running what code we want on the computers we own? A corporation is a private entity, it should be able to establish what limits it wants on the software on its machines, but the government has no right to get involved.

Yes, P2P networks routinely violate copyright laws, but that is less a statement of how P2P networks are bad and more a statement on how current copyright laws are broken. If laws make otherwise law-abiding citizens into criminals, then the laws themselves need to be revised.

The government has no right to say what code can and cannot be run on my machine. For that matter, no corporation can dictate the same. Once I buy it, it is mine to do with as I please.
Aug 1, 2007 1:38 AM Napoleon Courtney says:
The last time I checked P2P software didn't come pre-installed on a computer, and as far as a company is concerned a little more scrutiny by the IT department would solve a lot of these problems in an enterprise setting by only allowing the System Administrator to install software especially if the laptop or computer is owned by the company.

As for individuals' personal computers following the instructions in the software, an individual can choose to only share certain files or folders on their computer. Instead of using Limewire, Bit Torrent is also another software option that has been another P2P client that has offered a complete package. A person merely has to search the web for hosting torrent files where complete music albums, movies, software applications and other needed files as e-books can be located here as well. While Limewire offers the same genres for download, Bit Torrent offers a broader one covering full music albums, and a safer screening process. Bit Torrent has been known to conduct a closer screening procedure for its torrent files and has been more religious in maintaining security since some mischievous files are still bound to sneak past them.

I don't really think this is a matter for the government, they should be more concerned with the fact that several of their laptop computers have just up and walked away from people who had information on them that should never have left the office. If it was necessary for these individuals to take work out of the office, then at the very least these computers should have had encryption software installed to protect the folders and files. Clean up your own house before you try to clean another.
Aug 1, 2007 4:57 AM rocoyanna says:
leave my p2p alone. what i do at home is my business alone. at the work place it is only right companies should be able to restrict any internet access they wish. they are paying for it. you want to download, do it at home. basta!
