The host and username in the header most both by valid for this to work.Ĭlients listen for messages on port 1214 by default, even when they are not actively connected to the service.Īny versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue. It is possible for a user to craft a raw fake HTTP GET header to spoof the identity of an another existing user via the messaging service offered by vulnerable clients.
Ports also exist for variants of the Linux operating system. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. It is thought that the issue may have been addressed in later versions, though no vendor confirmation is available. This issue has been reported in WinMX 2.6. As a result, these credentials could be exposed to other local users. Sorry guys for yet more questions/details, my knowledge is still noobie in these areasĬlick to expand.WinMX stores P2P passwords in plaintext. If all these 3 points (and any more) are true, then I reckon I would win the argument overall that p2p is inherently unsafe. I'm assuming u can be hacked, but is this correct if the p2p program controls the port? Would there have to be a known exploit in say emule for this to happen, or could any hacker get thru any open port? Open ports: exposing your self to hackers. Is this right, if so, that would another score to meģ. How does this happen and wouldn't it be really difficult to detect as the s/w itself would be opening a port and u wouldn't be able to tell if u are sharing a file or spreading a worm. Worms: piggybacking on a p2p application. I reckon I win the argument here, and I should send him to the wilders boards to get really scared if he thinks having the right security s/w makes you invincible!Ģ. So already u are putting yourself under risk, buy exposing yourself to potential threats. Bad files: the biggest risk is d/l a file an opening it/clicking on it (like an exe) which might be a trojan and u hope your security s/w picks it up. So what I'm asking whether he's right, or how much he's wrong.įrom my limited knowledge & what folks have said, I see 3 main threats:ġ. Just to clarify, I'm not associated with military or anything like that! And while i'm discussing this p2p stuff with a work collegue, he runs p2p on his home machine 24/7.Īctually his argument is that with an AV, decent f/w and anti-trojan, running emule is safe and I'm being paranoid/scaremongering
0 kommentar(er)
