Tuesday, August 16, 2022

Researchers see P2P software as security risk

P2P file-sharing software poses a massive security risk, researchers have warned.

One plug-in designer for the hugely popular eDonkey program (two million clients and counting) has revealed that a simple plug-in can provide unlimited disk and sockets access, the ability to run programs on the local machine and an opportunity to spread that code through a network. In short, the quintessential security nightmare.

Describing the architecture (MetaMachine – used by eDonkey and Overnet) as “by far the worst and most insecure I have ever seen in my life”, Julian Ashton has posted his concerns on BugTraq and warned that a single malicious plug-in would be enough to turn millions of P2P clients against their own users or to use them to target someone else, possibly in a DDoS attack.

The problem is that such plug-ins are not tied in with the software itself but are allowed to sit with the operating system, meaning that P2P software could be used as a portal to gain access to people’s PCs. The potential for virus or worm propagation, spamming or hacking is all too clear.

Ashton has even written a small add-in to demonstrate the problem, downloadable from his site. A zip of “Fake Fast Track” is available here.

While many companies either block or ban P2P software on their networks for both security and legal reasons, the fact that a relatively low-skilled programmer could use such a client to compromise security will worry many.

Even if one network’s threat is dealt with, the millions of clients out there can still represent a massive virus or DoS risk. If the P2P clients using MetaMachine want to remain popular, an update to the software is sorely needed.
