April 18, 2005
Peer-to-peer email harvesting
A provocative press release today warns of peer-to-peer (P2P) networks as a potential spam-harvesting threat.
California-based Blue Security said it did some searches on the Gnutella P2P network and discovered lots of people were unknowingly sharing their Microsoft Outlook data files and other sources of email addresses.
To check it out, I went onto Gnutella and, sure enough, I was quickly able to scare up a couple copies of Outlook.pst and some text and Word documents containing email address lists from my fellow file-sharers.
Thing is, I'm not sure this is really much easier or more productive than what spammers are currently doing to build their email lists. (I believe PST files are password protected, so that's an obstacle.)
As for the dangers to P2P users, if you're sharing PST files, you're probably in a heap of trouble, and not just spam-related. Chances are you're sharing the contents of your entire hard disk, rather than just a music folder and mp3 files.
Some folks have been known to unintentionally expose all sorts of private data (passwords, account numbers, etc.) via their use of P2P programs. Bad guys even take advantage of other people's snooping by creating documents with names like sexsitepasswords.doc which are actually just ads for porn sites.
Bottom line: this is another good reason to make sure you configure your P2P program with care. But I can't really see P2P harvesting as a huge threat.
Blue Security's announcement conveniently comes a couple weeks after the company received $3M in venture financing from Benchmark Capital.
Posted by brian at April 18, 2005 9:06 PM
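One way to check your own shared folder for the exposure described in the post, as an added example that is not part of the original post: a small Python audit that flags mail stores, office documents and text files holding address lists, and warns when the shared folder is a drive root or home directory. The extension sets, the threshold and all function names are assumptions made for this example.

```python
import os
import re
import sys
from pathlib import Path

# Assumed categories for this example; tune them to your own machine.
MAIL_STORES = {".pst", ".ost", ".dbx", ".mbox", ".wab"}   # mail and address-book files
DOCUMENTS = {".doc", ".xls", ".rtf"}                      # office files worth a manual look
TEXT_LIKE = {".txt", ".csv"}                              # scanned for address lists
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ADDRESS_THRESHOLD = 5   # constructed cut-off: distinct addresses that make a "list"


def is_overbroad(root):
    """True when the shared folder is a drive root or the user's home directory."""
    root = Path(root).resolve()
    home = Path(os.path.expanduser("~")).resolve()
    return root == Path(root.anchor) or root == home


def count_addresses(path, max_bytes=1_000_000):
    """Count distinct email addresses in the first max_bytes of a file."""
    try:
        with open(path, "rb") as fh:
            return len(set(EMAIL_RE.findall(fh.read(max_bytes))))
    except OSError:
        return 0   # unreadable file: nothing to report from its content


def audit_share(shared_dir):
    """Return (category, path) findings for files that should not be shared."""
    root = Path(shared_dir).resolve()
    findings = []
    if is_overbroad(root):
        findings.append(("overbroad-share", str(root)))
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            ext = path.suffix.lower()
            if ext in MAIL_STORES:
                findings.append(("mail-store", str(path)))
            elif ext in DOCUMENTS:
                findings.append(("document", str(path)))
            elif ext in TEXT_LIKE and count_addresses(path) >= ADDRESS_THRESHOLD:
                findings.append(("address-list", str(path)))
    return findings


if __name__ == "__main__":
    for category, path in audit_share(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{category:16} {path}")
```

Run it with the path your P2P client is configured to share; an empty result means none of the assumed categories were found there.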
PST files are not password-protected by default; you must specify one manually when creating the PST file.
Posted by: Steven Buehler at April 26, 2005 3:16 PM