Online business Toolkit

Kazaa users often expose personal files

Tags:
Viruses,
Security,
Personal Files,
Peer To Peer

Steven Musil CNet

Published: 07 Jun 2002 09:00 BST

Users of the popular file-swapping program Kazaa frequently expose personal data to other network users by erroneously designating which files should be shared files, according to research released by HP Labs.

The study, conducted by computer scientists Nathaniel S. Good of HP Labs and Aaron Krekelberg of the University of Minnesota, points out that peer-to-peer programs often pose a threat to computer privacy.

The research, which was published Wednesday on Hewlett-Packard's Web site, found that a significant percentage of Kazaa users have accidentally or unknowingly designated private files to be shared with everyone who has access to the popular Kazaa network.

The researchers scripted programs to search the Kazaa network for files that store Microsoft Outlook Express email, with the assumption that these would be files that no one would intentionally share on the public network.

The automatic queries occurred every 90 seconds for 12 hours and revealed 443 instances of unintentional file sharing. In that 12-hour period, 156 Kazaa users were found to have email files open for public review. Sixty-one percent of the searches revealed at least one email file.

In another test, researchers studied 20 distinct cases in which the Outlook mail program had been made public. Of those, 19 allowed access to other categories in the program, such as deleted items and mail sent. Nine users exposed their Web browser's cache and cookies, five exposed word processing programs, and two exposed what appeared to be financial data.

Another experiment sought to determine whether other Kazaa users were trying to exploit this vulnerability by downloading files from other users' computers. The researchers placed dummy personal files with titles such as Credit Card.xls and Inbox.dbs on a server. In a 24-hour period, the credit card file was downloaded four times by four unique visitors, and the inbox file was downloaded four times by two unique visitors.

The study said the researchers did not download any files from other Kazaa users.

The researchers blamed shortcomings in the Kazaa installation software for making it easy for users to configure their software improperly and unknowingly share private information.

Kazaa representatives were not immediately available for comment.

Brilliant Digital Entertainment, which owns the Kazaa software, recently came under a firestorm of criticism when it was revealed that it had quietly attached its software to millions of downloads of the popular Kazaa file-trading program and plans to remotely "turn on" people's PCs, welding them into a new network of its own.

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.