Download music, share bank account info for free on P2P networks
Fire sharers may unwittingly be exposing sensitive data on their computers
Computerworld - It's not just the Recording Industry Association of America that people need to worry about when downloading music from P2P networks.
A surprisingly high number of consumers sharing music and other files on peer-to-peer systems are inadvertently exposing all sorts of bank account and similar personal information on their computers to criminals lurking on the networks to harvest data. And it's not just users at home who are exposing information about themselves; so are a large number of employees within banks, as well as banks' contractors and suppliers.
That's the conclusion of a study on the dangers of inadvertent data disclosure on file-sharing networks that was conducted by Dartmouth College's Tuck School of Business.
The study examined data involving P2P searches and files related to the top 30 U.S. banks over a seven-week period between December 2006 and February 2007. The university used a search engine technology from Tiversa Inc. to gather and analyze all P2P traffic that mentioned those banks by name or mapped to a specific digital footprint that Dartmouth created for each financial institution. Data was gathered from P2P networks such as Gnutella, FastTrack, eDonkey and BitTorrent.
The analysis showed that a large number of searches made on those networks were aimed at uncovering sensitive financial data from individuals, said study author Eric Johnson, a professor of operations management at the school's Center for Digital Strategies. "Our analysis clearly reveals a significant information risk firms and individuals face from P2P file-sharing networks," he said.
When people use popular P2P clients such as Kazaa, Lime Wire, BearShare, Morpheus and FastTrack, they often are sharing far more than just media files, Johnson said. "In many cases they are sharing the contents of their entire hard drive" with others on the file-sharing network, Johnson said.
That's because many of these client tools are designed specifically to quickly search for and share certain types of media files on a user's system. Johnson said, Normally, such P2P clients allow users to download files to and share items from a particular folder. But if proper care is not taken to control the access that these clients have on a system, it is very easy to expose far more data than intended, he said.
There are several ways this can happen, Johnson noted in his research paper. For instance, when a music file is accidentally dropped into a folder containing other data, the contents of the entire folder could end up being shared on a P2P network without a user's knowledge. Many P2P client software tools have confusing interfaces that could result in users sharing folders that they did not intend to. Similarly, some file-sharing apps feature wizards that scan an individual's computer and recommend folders containing media to share. If a sensitive file exists in one of those recommended folders, it could get exposed, Johnson wrote in his research.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts