Friday, November 25, 2005

Fear, Uncertainty and Doubt

The "security consultant" is interviewed by Dan Ronan from WFAA-TV. He demonstrates what he says is a massive security hole in LimeWire. What he doesn't say is that he charges users to uninstall LimeWire:
File Share (LIMEWIRE) Removal & Repair
Windows® 2000, XP & XP Pro Desktops – $79.99
Get rid of the security leak! Just uninstalling the software does not get rid of LIMEWIRE, or other file sharing software. Call before your the next victim of identity theft. Don't believe me? Sign up and I'll test your system! If I can't find a hole in your defense, you get your money refunded.

And to do this he needs to install remote control software to do so. After that, your PC can be controlled from a browser, presumably with your permission. But this adds a security hole, rather than removing one.

Now this may be reasonable if you are running older versions of LimeWire, but that program was patched in March 2005. So why kick up a fuss in November 2005? See - Press Material.

Also, how can he say that a LimeWire uninstall doesn't get rid of the software? After all, the entire LimeWire directory gets deleted! Since when are remaining registry entries regarded as software? Or is he referring to the Java runtime software?

Why has he got it in for LimeWire? It's one of the only file sharing programs that doesn't have adware, popups and hidden spyware in it! It is an Open Source Java application, so anyone who understands Java can download the code and read it. That makes it more secure, not less. See Comparison of Unwanted Software Installed by P2P Programs.

I wonder if he is WellAware of all this or not? I doubt it. See full article text below

1 comment:

Edward Chiarini said...

Yep, WellAware of it all to well.
Im glad you feal as you do, if not how would I pay my morgage?

So let me bottom line it for you. Your saying Limewire is safe...hummmmm ok, Im full of it for charging to reverse the damage it does to your computer ...hhhummmm, ok, and everyone in the world is just making up this so called Identity Theft mumbojumbo? Am I accurate by these statements or do you need to see it in your own thoughts

Email from Donn to Ed

a) I accept you could do a browse host of her machine using direct connect.
b) I accept you can search for "contacts" of another person's machine.

And you see no harm in this? Go ahead, put your money where your mouth is. Give me your IP, let me look around for your contacts, or take a quick glance of your tax records. Or do you still want to hide behind your Oooohhhhhhh, lets be real, give me your IP and 5 minutes I'll make your machine two step like we do it here in TX.

Ed Chiarini

Warning: The NSA and 4 million other sick weirdos with "security clearance" have intercepted this page and know that you are reading it.