|
Accessing files on computers not running file sharing programs Yesterday I was searching for documents. Some of the results were curious, so I downloaded some. (docs are small and quick to DL.) The files were patient information and medical records. Browse Host yielded the entire contents of her computer. Chat Host did not work. As it turned out, there was a good reason for that. Eventually I was able to talk to her; she is not running Limewire or any other file sharing program. She has no idea how her computer became open to the world. No one else uses her computer. I spent most of the night learning that there are many (Since I found a few in 4 hours.) other computers out there giving the entire world access to their personal files. For example, I found a family in Washington State whose geneology, job applications, and other identity theft information is open to all. Stock trading information. Anything. So all I can think of is virii and worms. What gives? Anybody? |
Re: Accessing files on computers not running file sharing programs Quote:
But yes, unbelievable that someone would be so careless. The default share location for LW is only the downld folder. So to share any other folder, etc. would have been set by the person themselves. It was said that versions of LW I think from 4.2 to 4.8.0 has a bug where someone "might" be open to access for other parts of their computer. But I've never heard of this happening before. I hope you told them to check exactly what folders they were sharing & remove only those desired to share. I guess there's a small chance a network might be shared. But ... since you chatted with the person then obviously the mistake is theirs. I guess this also is why people should not downld to their desktop. It sounds like their downld/share folder is used for multiple purposes. They obviously keep private documents in there as well. LW 4.9 allows you to select particular files or folders not to share or to stop sharing via the LW Library window. |
hmm too! He actually said he was able to TALK to her. I assumed by phone, or in person.... we are not told:confused: This is a first post... I'm curious how long andysippowitz has been using Limewire. My thoughts are of incredulity if the story is as told:confused: |
I erred on the side of brevity. I did not "chat" with her. I was able, through the medical records, to locate the doctor's office for whom she was transcribing. (On reflection, I could have tried to access her personal information to identify and contact her.) I gave them all the information I had as to how I had come to making the phone call. They knew immediately which transcriptionist it was, as I had her initials. I gave them my complete contact information, including phone number. They contacted her and passed along the number (Questionable conduct on my part, perhaps, but I am a former medical transcriptionist and knew that I was talking to a reputable medical facility). She called me this morning. She clearly had no idea how her computer got compromised. (No, P2P, file sharing, downloading music, swapping files, all of that are completely foreign to her.) She did not know what LimeWire was, had no idea what file sharing was, and shares her computer with no one. |
I have been using Limewire, off and on, for a few years. I had a few thousand downloads, most of which were lost because I failed to backup the system. [Always do backups or at least duplicate your files to an external drive. Drives are so inexpensive now, we can keep a couple of them and connect one to update periodically, like off-site storage.] I am in hopes that someone can point to an infection. This person is to have an IT visit and analyse her system. I believe that she will turn out to be a live-alone, non-networked (working by modem) person who visited the wrong site and caught a bug. |
Amazing. I can only guess "perhaps" it wasn't her that was sharing these files. There might be more than one copy. Yet also, someone might have accessed her computer thru a backdoor - spy program or the like / hacker. Most people wouldn't keep their own personal medical records on their own computer .. or am I misunderstanding here. It sounds like the medical office that was compromised. Be it a doctor/nurse or receptionist, etc. |
So This Lady transcribes hand written notes onto her computer, and then E-mails them back to the Doctor's office? ... or might there be a network of transcribers connected to the office? If the second case the whole network could have a security flaw .... I'm really just typing my thoughts out, and I have very little knowledge of internet security, but I suspect Andy that you do. You say "I spent most of the night learning that there are many (Since I found a few in 4 hours.) other computers out there giving the entire world access to their personal files. " I'm not sure it is wise for you divulge your secrets to the world, but It does pass through my mind "How the Hell did he do that?" It's certainly interesting |
One thought at a time. I just e-mailed the lady in this case, and asked her if she bought the computer new or used, or did someone give it to her. I explained to her the ramifications of second hand computers, but I hope everyone here is already ahead of me. I urged her to take it to a shop tomorrow and have it analysed. How Medical Transcription works: In this case, she works from home. She might dial into the client's computer and listen to digital recordings, or someone could deliver tapes to her door, or she could be dialing into a tape machine (mighty unlikely, anymore). [I know these things because my daughter does it, I have been trained for it, and I worked at it in an office where our company computers connected to the client's computers.] Her finished product might have been e-mailed, in the past, but it probably is transfered as a file now. The files I found included her stock trading files. The number of files was about right for someone that is not computer intensive and doesn't fill up with music or video. Evidently she is on a dial-up connection, because I can't access at night. Next: I have never done this before yesterday; I'm just a quick study. :) I will leave it up to the moderator whether or not to leave the following on the forum. I was searching for manuals relating to my military surplus electric generators. The search was for Documents, with certain letters at the beginning of the file. This lady's files her work by the initials of the doctor doing the dictation. When I saw files with dates on them, I got curious and downloaded one. I recognized it, and Browsed Host. I wanted to contact her and alert her, but Chat Host didn't light up; naturally, since she had no knowledge of file sharing. [I am thinking that she has some obscure and obsolete p2p on a 2nd-hand computer - it makes sense.] I hunted down the phone number for the clinic that the op notes came from and called. Telling the operator that I had information on compromised patient files got me put straight through to the right person! Nothing like saying the right thing! The OM (office manager) hardly knows which way to push the buttons, but her assistant got on the speaker phone and, when I read them a few lines of the op notes, I had their full attention! They asked for a copy for verification purposes, and to be able to confront the MT. I e-mailed the file. I gave them this full explanation of how I happened to have the info, my personal phone number, and the name of my transcription employer. [I knew that they were legitimate, and wanted to put them at ease - an any good conman would.] The contacted the MT and she called me this morning. I am satisfied that she knows nothing of p2p by any name or activity. Those of you who have stuck with me through this may now go get a beer. So it's either malware or a used computer, I guess. Now, for the "several more". Search for Documents by any keyword. When you find something that looks personal, Browse Host. Sort by Type and focus on txt and doc. Look for the Chat Host button: If it is greyed out, it might be a case such as I just described - Now, I am just guessing. I reveal this for the same reason the security people tell you to keep your hedges clipped low in front of your windows: So you will know to protect yourselves. I have no idea what her firewall situation is. If she even knows the word, she probably thinks that it is part of the floorboard of the car. And there is no way that I could ask the question without "How the llll can you be so stupid?" coming through my tone of voice. Even though I have no idea how to prevent this from happening to me. |
misleading thread title There had to be a gnutella client running on her computer: the client responded to search queries and to the browse host command, and returned results. Those command were sent and returned in language only a gnutella servent would understand. Sorry. I hope she doesn't lose her job over your report. |
Re: misleading thread title Quote:
What is frightening is the number of other personal computers that are wide open. Where hers was evidently not a matter of her not setting the program up properly (if she did, indeed, not even know that it was there), the others that I found were doing file swapping and simply were not set up safely. |
| All times are GMT -7. The time now is 03:37 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.