Risk
2/23/2010
11:35 AM
Keith Ferrell
Keith Ferrell
Commentary
50%
50%

P2P Business Problems Growing: FTC Issues Warnings

The FTC's announcement that nearly 100 private and public organizations had insecurely transmitted confidential, personal data over P2P networks is a wakeup call not just to those receiving the warnings, but to every business whose employees may be using file-sharing technology -- and especially to those who don't know whether employees are P2Ping or not.

The FTC's announcement that nearly 100 private and public organizations had insecurely transmitted confidential, personal data over P2P networks is a wakeup call not just to those receiving the warnings, but to every business whose employees may be using file-sharing technology -- and especially to those who don't know whether employees are P2Ping or not.The Federal Trade Commission's (FTC) warning letters raised serious flags about the transmission of personal (employee or customer or both) data over peer-to-peer (P2P) networks. although no formal charges have been filed yet.

According to the FTC alert, whatever the original purpose for the P2P transmission, and whatever its intended recipient,the material "is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud."

Time to tighten the clamps on business use of P2P connections -- if you allow them at all. If you don't, time to find out if any of your employees are using your networks for P2P, whether for business convenience or personal file-shares.

Any P2P use is risky, but improperly configured sharing could make an entire disk's contents available to the P2P network, not just the files being deliberately (if foolishly) shared over the connection.

It's all too easy for P2P's convenience to become an info-leak night mare, as Supreme Court Justice Breyer's office found out not long ago.

A sample of the FTC P2P warning letter is here.

The FTC's P2P educational materials are here.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2015-2168
Published: 2015-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.