- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Contractors and U.S. government employees are sharing hundreds of secret documents on peer-to-peer networks, in many cases overriding the default security settings on their P-to-P software to do so, according to a company that monitors the networks.
Robert Boback, CEO of P-to-P monitoring service vendor Tiversa Inc., and retired U.S. Army General Wesley Clark, a Tiversa board member, said the company found more than 200 sensitive U.S. government documents during a recent scan of three popular P-to-P networks. The two testified earlier this week before the U.S. House of Representatives Oversight and Government Reform Committee.
Among the files shared: Physical threat assessments for multiple cities, including Philadelphia and Miami; a physical security attack assessment for a U.S. Air Force base; a detailed report from a government contractor on how to connect two secure Department of Defense (DOD) networks; a document titled, "NSA (National Security Agency) Security Handbook."
Many lawmakers directed their criticism toward the Lime Group LLC, distributor of the popular P-to-P software Lime Wire, during a contentious hearing Tuesday. But Boback, in a later interview, said his testimony wasn't intended to cast blame on Lime Wire.
In many cases, P-to-P users override the default security settings in the software. In Lime Wire, the default setting allows users to share files only from a "shared" folder, but many users apparently override the default settings, ignore warnings from the software, and share their entire "my documents" folder or other folders, Lime Group CEO Mark Gorton testified.
In other cases, government employees or contractors apparently ignore policies prohibiting the use of P-to-P software on computers containing sensitive government information, witnesses testified.
P-to-P users can also download files with hidden executables that can index the entire hard drive, Boback said, and that can create victims of even expert computer users. But the fault doesn't lie with Lime Wire or other P-to-P vendors, he added.
"It's the malicious user writing code that will expose the entire hard drive," he said. "Just because that user is a Lime Wire user, it makes it look as though Lime Wire indexed their system, when actually it was an executable within a download."
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment