Peer to Peer technology has been around now for a few years, applications such as BitTorrent, iMesh, eDonkey, and Grokster use a series of computers as a network allowing individuals to share files back and forth between each other without relying on a central location. These networks create a very stable and reliable way to share information, however, there is a dark side to this sharing of information.
- Copyright Infringement - This sharing of files can very easily lead to violation of Federal and State copyright laws. It is against the law in the United States to copy intellectual property without permission of the copyright holder. Many of these applications will claim that there downloads are legit and that downloading from them will not get you into any trouble, however, we recommend that you read the small print that states that only certain downloads are legit, better yet, use an application that you purchase your files from.
- Bandwidth Violation - Many of these applications rely on high bandwidth providers, such as university systems, to provide a high quality of service for their downloads, as such when these applications are run on these types of networks they provide very fast downloads, and at the same time degrade the network for legitimate uses of the university such as research and business use of the campus.
- Possible Data Breaches - File sharing is exactly that, sharing of files, these programs are designed to share files, and improperly configured applications can make any and possibly all files on your computer available to anyone else using the same P2P network that you are using. We have seen tax records, social security cards, immigration records, bank account statements, and many other very sensitive information shared with the P2P online world.
- Malware Infection Vector - Many malware writers use P2P applications to spread their tools to unsuspecting downloaders, with the promise of "free software" comes the very real possibility that you are opening your computer to an infection that could expose your credit cards, bank accounts, and who knows what else to criminals.
Peer to Peer technology is a great tool for quick downloads, but while on the campus of NDSU, we suggest you uninstall any of these types of applications.
April 15, 2014
The Internet was stunned to learn of a significant vulnerabilty to security this last weekend. OpenSSL, an application that is used by software and services throughout the Internet for authorization of legitimate websites was found to have a core flaw. Essentially anyone from anywhere could send a specially crafted packet to a service or site using OpenSSL, asking if the server is still accepting communications and the server would return up to 64 Kilobytes of what was in its memory at the time of request. This return could be username and passwords, or documents, or even security certificates. The OpenSSL foundation responded and fixed the core code of OpenSSL, but there are still hundreds of thousands devices, or services that still are running the old version of the software. Please check for updates on your devices, and change any passwords for sites you maybe concerned about. However, only change those passwords after a site has patched their services, and revoked their old security certificate and created a new one.
December 5, 2013
Over 2 Million passwords to popular webpages discovered.
In Mid June, Trustwave Spiderlabs researchers were able to view information in the Pony Botnet controller that indicated that there were over 650,000 website credentials that had been harvested by this particular botnet, which, is fairly widespread. On Tuesday they announced that upon a more detailed look that over 2 million passwords have been harvested by this botnet. Many of these services have now been notified and they are taking corrective action on those accounts that have been compromised.