Sign in to follow this  
Followers 0
Spyril

P2P Mining

6 posts in this topic

http://arstechnica.com/telecom/news/2009/0...ring-snafus.ars

This is interesting stuff - people inadvertently sharing sensitive personal documents on P2P networks. It might be interesting to have a poke around at some government and business sites, find the filenames of some commonly-downloaded documents that pertain to digital forms, printable copies of tax reports, certificates, etc, and then search for those names on torrent sites, to see what turns up.

Edited by Spyril
0

Share this post


Link to post
Share on other sites

It is hard to believe some people would just share, C:\, on those networks... Sharezea would publicly identify each host by IP and allow browsing of the shared folder... I would always look for an IP sharing both SYSTEM and SAM files..

There were loads of other interesting stuff as well.

0

Share this post


Link to post
Share on other sites

I remember looking for sensitive documents (for the heck of it) using the Gnutella network a number of years ago. I found bucketloads. This isn't new though. Articles have been covering this very issue since P2P hit the mainstream back in 2000.

Here's an article discussing this, in 2003.

Just one day after it was introduced, the House Government Reform Committee approved legislation Thursday aimed at protecting the security and privacy of federal agency computers from the risks posed by peer-to-peer (P2P) file sharing. No comparable legislation has been introduced in the Senate.

Both the House and the Senate have already implemented security measures against P2P security threats through both technical and non-technical means, including firewalls and employee training. The Government Network Security Act of 2003 (H.R. 3159) would require the Executive Branch to take similar steps.

Under the Government Network Security Act of 2003, federal agencies would have six months to develop and implement P2P security plans. The General Accounting Office would have an additional year to review the plans and report to Congress on the results of the review together with any recommendations.

...

Installation of P2P software on government computers can expose this sensitive information to the public.

A Committee on Government Reform staff report issued in May showed how through a "couple of simple searches" of the most popular P2P programs, personal information such as tax returns, medical records, and confidential legal documents and business files were found.

Edited by Seal
0

Share this post


Link to post
Share on other sites

I've also done the same thing as ^^ Seal. I used to search for keywords and file extensions like: *.xls *.doc etc. on the Gnutella network and found at least few dozen sensitive documents with personal information. (IE: Family will's, tax records, resumes, ss#'s , personal budgets)

0

Share this post


Link to post
Share on other sites

I used to do this to. I would search for things like cmd.exe or calc.exe. If i could find these files it was probable that they were sharing the whole c:\ drive. A quick "browse all users files" turned up loads of stuff :P

Havent tried it in years. I might try it again soon and see if anything interesting turns up.

0

Share this post


Link to post
Share on other sites
I used to do this to. I would search for things like cmd.exe or calc.exe. If i could find these files it was probable that they were sharing the whole c:\ drive. A quick "browse all users files" turned up loads of stuff :P

Havent tried it in years. I might try it again soon and see if anything interesting turns up.

Nice strategy.. actually you don't have to go as far as p2p if you just know to feed google with the right keywords, but because of the nature of p2p as a file sharing network, p2p could actually be more efficient when searching for sensitive documents.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0