Home page logo

isn logo Information Security News mailing list archives

mass-marketing a cracking tool
From: "A.Lizard" <alizard () ECIS COM>
Date: Tue, 27 Feb 2001 11:19:05 -0800

Would you believe that someone is marketing a Windows computer cracking
tool as a Napster alternative?

["ShareSniffer Inc.'s newly-launched software, also called ShareSniffer,
allows people to hunt for exposed Windows file systems with the ease of a
Napster-user searching for a favorite track. "Right now... there are tens
of thousands of computers worldwide that have their files deliberately
shared with the Internet with no password required," reads the ShareSniffer
web site.  The site goes on to encourage netizens to rummage through
strangers' music files, digital movies, Microsoft Word documents and
spreadsheets.  The company motto: "Because it's there."]

In other words, it's a user friendly Windows cracking tool marketed to the
general public. This class of tool is well-known, It's making this kind of
tool usable even for novices and marketing it that's the innovation.

Handing this kind of tool out to people too unsophisticated to know that
snooping through the hard drives of others is bad manners at best, likely
to get their ISP accounts terminated, and even get put them in jail and
encouraging them to use it is one of the most irresponsible things I've
ever heard of.



And the site URL, which for some reason isn't in the article is:
http://www.sharesniffer.com .

I'd say security by obscurity about this isn't working, when I searched on
sharesniffer earlier at google, I turned up hits on alt.hacker.malicious
and alt.fan.cult-dead-cow

I immediately checked my Windows network permissions to make *sure* I
hadn't inadvertently turned "file sharing ON"... and I'm running dialup
behind the ZoneAlarm firewall. :-)

Of course, people who don't have their network permissions turned on to
share files are immune, as are people with decent firewalls.

While I strongly suspect that sharesniffer is going to disappear very soon,
the program is going to be showing up at a great many places in the future,
among them your clients' employee hard drives.

Personal Web site http://www.ecis.com/~alizard
Disaster prep info: http://www.ecis.com/~alizard/y2k.html
Littleton Killings: http://www.ecis.com/~alizard/littleto.html
backup address (if ALL else fails) alizard () onebox com
IF YOU USE PGP, UPGRADE NOW! A major bug has been discovered in PGP, the
new version with the bug fixed is available NOW.
PGP 6.5.8 key available by request,keyserver,or on my Web site
For e-mail privacy, download PGP from http://www.pgpi.org
PGPfone v1.02 and v2.1 available for secure voice conferencing, get
your own (W9x,NT,Mac) at http://www.pgpi.org/products/nai/pgpfone/

ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERV () SecurityFocus com with a message body of

  By Date           By Thread  

Current thread:
  • mass-marketing a cracking tool A.Lizard (Feb 28)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]