Security threats Toolkit

Swappers 'vulnerable to hackers'

Tags:
West Bank,
Music,
Song,
Share

John Borland CNET News

Published: 07 Oct 2003 09:15 BST

Earthstation 5 has released a new edition of its file-swapping software, responding to reports that running older versions could let hackers delete critical files on a users' computer.

The concerns were raised in a security bulletin posted to security lists last week by a programmer with the pseudonym Random Nut, who previously exposed a flaw in the Kazaa file-swapping software.

In an email statement sent to CNET News.com on Monday and attributed to Earthstation 5's chief programmer "Filehoover," the company acknowledged that the security problem did exist. However, it added that the glitch had been part of an automatic remote update feature that had been removed in the new version of the program, which was available on Monday.

"We completely removed the automatic software upgrade code because -- as it turns out -- automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so," Filehoover wrote in the statement, which was also posted on file-swapping Web forums.

Earthstation 5 is the most flamboyantly outspoken of a new generation of file-swapping companies that hope to win users from Kazaa and other popular networks by offering increased privacy.

Although Earthstation 5's origins are difficult to verify, its backers say the company is based in refugee camps in the Palestinian West Bank -- for practical purposes, outside the reach of the American recording industry and movie studios. The company has gone as far as posting copies of first-run movies on their servers for download and streaming.

The company has also fast won a reputation for spreading discord amid an already fractious file-swapping community. The service's chat boards are full of distain for other services and forums, with criticisms of those other networks and their developers often taking a bitterly personal slant.

Random Nut declined to give his identity, but did confirm that he had been involved in the development of a version of Kazaa Lite, an unauthorised version of the Kazaa software from which advertising and other components have been removed. However, the programmer said Earthstation 5 had misidentified him in their widely posted statement.

In an email, Random Nut said that the most recent security flaw should point out the dangers of trusting their privacy to proprietary software.

"I think it shows that most closed-source software isn't secure," Random Nut wrote. "If ES5 had been open source, this feature wouldn't have existed in the first place."