Security News > 2001 > February > mass-marketing a cracking tool
Would you believe that someone is marketing a Windows computer cracking tool as a Napster alternative? ["ShareSniffer Inc.'s newly-launched software, also called ShareSniffer, allows people to hunt for exposed Windows file systems with the ease of a Napster-user searching for a favorite track. "Right now... there are tens of thousands of computers worldwide that have their files deliberately shared with the Internet with no password required," reads the ShareSniffer web site. The site goes on to encourage netizens to rummage through strangers' music files, digital movies, Microsoft Word documents and spreadsheets. The company motto: "Because it's there."] In other words, it's a user friendly Windows cracking tool marketed to the general public. This class of tool is well-known, It's making this kind of tool usable even for novices and marketing it that's the innovation. Handing this kind of tool out to people too unsophisticated to know that snooping through the hard drives of others is bad manners at best, likely to get their ISP accounts terminated, and even get put them in jail and encouraging them to use it is one of the most irresponsible things I've ever heard of. http://www.securityfocus.com/news/159 news.admin.net-abuse.email http://groups.google.com/groups?q=alt.sharesniffer&hl=en&lr=&safe=off&rnum=10&seld=922054339&ic=1 And the site URL, which for some reason isn't in the article is: http://www.sharesniffer.com . I'd say security by obscurity about this isn't working, when I searched on sharesniffer earlier at google, I turned up hits on alt.hacker.malicious and alt.fan.cult-dead-cow I immediately checked my Windows network permissions to make *sure* I hadn't inadvertently turned "file sharing ON"... and I'm running dialup behind the ZoneAlarm firewall. :-) Of course, people who don't have their network permissions turned on to share files are immune, as are people with decent firewalls. While I strongly suspect that sharesniffer is going to disappear very soon, the program is going to be showing up at a great many places in the future, among them your clients' employee hard drives. A.Lizard ************************************************************************ Personal Web site http://www.ecis.com/~alizard Disaster prep info: http://www.ecis.com/~alizard/y2k.html Littleton Killings: http://www.ecis.com/~alizard/littleto.html backup address (if ALL else fails) alizard () onebox com IF YOU USE PGP, UPGRADE NOW! A major bug has been discovered in PGP, the new version with the bug fixed is available NOW. PGP 6.5.8 key available by request,keyserver,or on my Web site For e-mail privacy, download PGP from http://www.pgpi.org PGPfone v1.02 and v2.1 available for secure voice conferencing, get your own (W9x,NT,Mac) at http://www.pgpi.org/products/nai/pgpfone/ ************************************************************************ ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
News URL
http://www.securityfocus.com/news/159