Newbie refresher course - cookies scandal
Posted by Nosferatu, March 29th, 2002

I am a bit of a newbie to gnutella. I am posting this for the benefit of other newbies, who may have missed the original dialogue.

Here is text I received through the gnutella network

It's also <A HREF="http://www.gnutellaforums.com/showthread.php?s=&threadid=1324&highlight=cookie"> posted on gnutellaforums</A>.

--- Start quote of gnutella network bearshare cookies text ----------

<I>
WARNING!! Your first and last name may be sent out via BearShare!

Vinnie, the God and dictator of Gnutella loves his program name so much he made a secret little keyword that seems to bypass all sorts of safeguards. What's the
keyword?

"bearshare"

That was hard to figure out wasn't it?

Go ahead, try it. Search for bearshare and you will find stuff like I did! I
didn't use bearshare to get these search results, it may block them.

Filename: brianna@bearshare[1].txt
Contents:
LastVisitCookie
143145399
bearshare.net/
0
620126208
29536452
2238848912
29416453
*

So now I just connect the IP with all her MP3 files and I have more proof for a lawsuit. Just think if poor brianna had used her last name! I have found lots with first and last name, go try it!

Go ahead, search for "bearshare bossname" (bossname is your boss' name, or your spouse or whatever) let us know what shows up! I DON'T KNOW HOW FAR THIS GOES!

Vinnie doesn't care about your privacy, it's taken major pressure to get him to
get rid of his spyware and he continues to use a browser tie in (to IE of all the
stupid ideas, no way to turn it off, forced - controlling what you do) and who
knows what cookies are getting out over the net.

Do we know what else bearshare does without your knowledge? Do you trust your privacy to a guy who wants to rule the whole Gnutella Net?

Vinnie now says he's going to delete any messages he doesn't like from his
forum. So this privacy information wouldn't get out to most of his users. Talk
about a control freak! Why does it take so much pressure to get just a few
changes from this guy? Why is he so worried about messages asking to make his
software more privacy concerned?

BECAUSE HE CAN'T CONTROL EVERYTHING WITHOUT HIS SPYWARE!

Here's another one I found:

Filename: home office@nude-***************[1].txt
Contents:
Apache
tuc125.dakotacom.net.65052985977479297
nude-***************.net/
0
3046415744
29407761
4290580608
29407552
*

So now we know where this guy has been, so he likes nude britney spears. But
what if it was "gay-naked-guys-doing-it.net" ? And what if the IP was this guy's work? Could he lose his job over this? YOU BET!!! (and don't think it doesn't happen, even in secret) I have a date code, IP and a DNS name for his port, what else do I need?

BEARSHARE IS SPYWARE!

I could go on and on, these files are all over the place!

This attitude of BearShare's author sucks and isn't going to change. The only
way out is to stop using it and hope he goes away and gets a job somewhere that
has nothing to do with the net.

You would think by now people would stop using closed source software like this
when it comes to network connections. Your privacy is more important than you
think.

Most people don't get it till something bad happens. People run firewalls to
protect their computer, the firewall ain't working if you told it that BearShare
is OK to transmit packets!

What if I could get your e-mail password? Could I send mail to your boss or
lover/spouse and screw up your life? And why would some net kiddie not want to
do this just as a "joke"? Thinking it was fun?

Yes, Vinnie will say he fixed this after a lot of pressure, but who knows if he
just changed the keyword or encrypted it! He wants access to anything he can
get, he wants to control everything he touches, he dreams of being a dictator!

Control, control, control!

Run Open Source software only!

YOU HAVE BEEN WARNED! STOP THE BEAR!
</I>

----- End quote of gnutella network bearshare cookies text ---------

Well, these files are cookies.

I don't believe the second file came up under a search for "bearshare" .. the filename of the first item does contain the word bearshare, but the second one doesn't. If the author of this article was giving the full details, then it is a bit of a strange thing that that second file came up with a search for "bearshare".

Hey, waddayaknow, I search for bearshare and get heaps of these things coming up too, all @home.bearshare[1].txt or [2].txt.

Filename: jekeniar@www.bearshare[1].txt
Contents:
bblastvisit
997424327
www.bearshare.net/
0
3372760448
29507637
1418401952
29434213
*

Filename: brandon sandoval@home.bearshare[1].txt
Content:
count
1
home.bearshare.com/
0
1373229696
29473099
105099296
29472999
*

Filename: brandon sandoval@home.bearshare[2].txt
Content:
count
3
home.bearshare.com/
0
4138124672
29480893
348553872
29480693
*

Filename: default@home.bearshare[1].txt
Contents:
count
1
home.bearshare.com/
0
4186259840
29479460
3280589440
29479360
*

If I search for "@ .txt" I get some more, with different names:

For this one, I have obscured the name, but the full name is there.

Filename: firstname lastname@cgi.gaysexswap[1].txt
Contents:
gotoadlocation00
826
cgi.gaysexswap.com/
0
4236585088
29412047
4058378880
29411845
*

Filename: default@banserv.internetfuel[1].txt
Contents:
AT
A:3551:1:1003853342_
banserv.internetfuel.com/
0
1759604736
29603859
3986736256
29448989
*


OK, so basically it's bullsh!t that searching for "bearshare" unlocks some secret backdoor. How stupid.

And what it looks like is lots of idiots sharing out their entire C: drive on windows. Duh.

Windows appends your windows login to the front of the cookie file it stores. You don't even have to log onto the net for this to happen, I have a virgin PC with about 11 cookies on it, put there thoughtfully by M$ for when I do log onto the sites, eg AOL, Microsoft (of course) etc all their buddies.

Potentially these could have passwords in them, or all sorts of stuff, but mostly just tracking info like when you last visited a site, or what ad you looked at etc.

The problem is not specific to BearShare, or even to windows. It is specific to anyone too lazy to figure out what they should share and what they shouldn't.

Searching BearShare's site's forums for cookie only gets some info about how users shouldn't share out their entire C: drive.

Searching gnutellaforums comes up with <A HREF="http://www.gnutellaforums.com/showth...ghlight=cookie">an unsubstantiated claim</A> along the lines of the info I started with above.

Hmm .. and <A HREF="http://www.gnutellaforums.com/showthread.php?s=&threadid=1459&highlight=cookie"> this</A> which doesn't answer the question.

Oh, here is <A HREF="http://www.gnutellaforums.com/showthread.php?s=&threadid=1324&highlight=cookie"> the original thread</A> from which I can extract this information:

-------- A posting ------------

Unregistered
Guest
Registered: Not Yet
Location:
Posts: N/A
Not that many

quote:
Originally posted by CycloCide
CNet wrote an article about this a few months ago at http://news.cnet.com/news/0-1005-200-4762138.html

Yes, but searching for other files that should be there doesn't turn up much. Granted, some people are screwing up, but there isn't enough of them to count for how many of these cookie files are out there.

Why is BearShare the only one returning most of these files? Are Limewire users smarter?

Besides, what does it take to get a simple warning when you try to share your main directory. It just goes to show you how much privacy means to this programmer.

-------- End posting ----------


----- Another posting ---------

Vinnie
Guest
Registered: Not Yet
Location:
Posts: N/A
Yes
Cyclocide, now do you see why I have to have the forums on BearShare.Net moderated?
This is getting ridiculous.
FYI, BearShare automatically shares any directory that you had set up in Napster, if Napster was installed.
Therefore, if you had MP3 files in your C:\Windows directory or underneath, and those directories were added to Napster's list of shares, then BearShare will pick it up and share those directories as well.
Since BearShare shares more than MP3, you might end up sharing cookies and the like.

-------- End posting ----------

So it seems that Vinnie fairly unwisely chose to just duplicate Napster's shares .. because he thinks that most users are too stupid to set up shares .. or couldn't be bothered programming a dialogue to prompt and inform the user at setup. Anyway, Napster used to filter so that it only would share mp3 files .. you could quite safely share out your entire C: drive because of this filtering. Gnutella DOES NOT filter. Hence users are sharing their cookies, password files etc. Nice one Vinnie.

Yes, I think it is safe to give this guy a kick in the nuts for that one, even though it's a mistake many windows users would sympathise with, a professional programmer should have more sense. Duh!

Hey, also allegations that a possibly hacked version of Morpheus defaults to sharing the whole C: drive. Nuts, meet boot.

----- Another posting ---------
Unregistered
Guest
Registered: Not Yet
Location:
Posts: N/A
What's funny is this was reported over a year and a half ago and you can still pull up those cookies by searching with bearshare as a keyword.
Seems like someone likes this feature. That someone should fix it.
If you think it's simply some idiot sharing their entire C drive, then search for typical windows files, you won't find as many as those cookies.
This is something worse than you think.
-------- End posting ----------

Well, maybe people have been copying these cookie files around now.


Nos

--------------------
<I>[Edited 2 Apr 2002 to remove double-spacing of lines, add italics to quote of first message, add signoff.]</I>

Last edited by Nosferatu; April 2nd, 2002 at 01:32 AM.
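An added example, not part of the original post: a check a user could run over the files in a share before exposing it, plus a parser for the nine-line cookie records quoted in the post. The field meanings (expiry and creation times as low/high halves of a Windows FILETIME) are the commonly documented Internet Explorer layout and are not stated in the post; the sample paths are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Cookie files are named "<Windows login>@<site>[<n>].txt", as in the listings above.
COOKIE_NAME = re.compile(r"^(?P<login>[^@]+)@(?P<site>[^\[\]]+)\[\d+\]\.txt$", re.I)

# One record copied from the post (the bblastvisit cookie).
SAMPLE_RECORD = """bblastvisit
997424327
www.bearshare.net/
0
3372760448
29507637
1418401952
29434213
*
"""

# Constructed share listing; these paths are assumptions for illustration.
SAMPLE_SHARED_PATHS = [
    r"C:\My Music\track01.mp3",
    r"C:\WINDOWS\Cookies\default@home.bearshare[1].txt",
]

def filetime(low, high):
    """Join two 32-bit halves into a FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    ticks = (int(high) << 32) | int(low)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def parse_cookie_file(text):
    """Parse nine-line records: name, value, site, flags, expiry lo/hi, created lo/hi, '*'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    records = []
    for i in range(0, len(lines), 9):
        rec = lines[i:i + 9]
        if len(rec) != 9 or rec[8] != "*":
            raise ValueError("malformed cookie record at line %d" % (i + 1))
        records.append({"name": rec[0], "value": rec[1], "site": rec[2], "flags": int(rec[3]),
                        "expires": filetime(rec[4], rec[5]), "created": filetime(rec[6], rec[7])})
    return records

def audit_share(paths):
    """Return (path, login, site) for each shared file whose name follows the cookie pattern."""
    hits = []
    for path in paths:
        m = COOKIE_NAME.match(re.split(r"[\\/]", path)[-1])
        if m:
            hits.append((path, m.group("login"), m.group("site")))
    return hits
```

Any hit from `audit_share` means the share reaches a browser cookie directory and the folder selection should be narrowed before the client goes online.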