Researchers see P2P software as security risk

P2P file-sharing software poses a massive security risk, researchers have warned.

One plug-in designer for the hugely popular eDonkey program (two million clients and counting) has revealed that a simple plug-in can provide unlimited disk and sockets access, the ability to run programs on the local machine and an opportunity to spread that code through a network. In short, the quintessential security nightmare.

Describing the architecture (MetaMachine – used by eDonkey and Overnet) as “by far the worst and most insecure I have ever seen in my life”, Julian Ashton has posted his concerns on BugTraq and warned that it would only require a malicious plug-in for millions of P2P clients to turn either against the user or be used to target someone else, possibly in a DDoS attack.

The problem is that such plug-ins are not tied in with the software itself but allowed to sit with the operating system, meaning that P2P software could be used as a portal to gain access to people’s PCs. The possibilities to use this for virus or worm propagation, or spamming, or as a hacking effort are all too clear.

Ashton has even written a small add-in to demonstrate the problem, downloadable from his site. A zip of “Fake Fast Track” is available here.

While many companies either block or ban P2P software on their networks both for security and legal reasons, the fact that a relatively lightly skilled programmer could use such a client to compromise security will worry many.

Even if one network’s threat is dealt with, the millions of clients out there can still represent a massive virus or DoS risk. If the P2P clients using MetaMachine want to remain popular, an update to the software is sorely needed.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now