Friday, December 02, 2005

Go Ahead, Hack My LimeWire

I don't normally run LimeWire all the time, because I can't spare the bandwidth, and 3GB a month is not a huge amount if you're sharing a whole bunch of files, so I rarely share any. But this weekend is different: Edward L. Chiarini Jr. has promised me that he'll use the "security flaw" in LimeWire to hack my PC.

You can try it too: use a direct LimeWire connection to mcprog.dyn.isogo.co.za on the standard Gnutella port of 6346. It's wide open, even GRC.com says so. This is what you should find:
(Click on the image for more detail)

But what else will you find? My guess is nothing, because there isn't anything else to see, just the way LimeWire installs things. I don't for one moment deny that stupid people share all their files, but then stupid people do all kinds of other stupid things too. But that isn't a security flaw in LimeWire, isn't it?

Of course, if you really keep looking, you might find part of my credit card number, but only if you look really hard.

Update: in spite of the incoherent ramblings in the comments section, Ed didn't hack my PC. He was unable to say what files were shared on my PC, and the image he provided didn't show them either. Here is his image:



Here is what I was sharing, as seen from another PC:

So if he had connected to my PC, these files would also show up in his picture. Not even the word document showed up, and he knew in advance about that.

See follow-up blog: Abort, Retry, Fail | digg story
| Original News Story | WFAA News Story: Flaws Exposed
| File Not Found; Flaw not Found

3 comments:

Anonymous said...

Hey Donny my man, what’s happening? Why so quiet? Nothing to say? Fine, be that way, and to think I was just starting to get used to having you around. Similar to the feeling you get when you visit the beach and your shorts get filled with sand. At first it’s really annoying, but by the end of the day, you don’t even realize its there.

Enough chit chat, let get down to business. I’m sure your readers are anxious to learn how this episode ends. But first let me sum it all up for those who missed a spot.

Briefly, in a nutshell Mr. Edwards contacted me through via my web site WellAwareNet.com We emailed to each other over two days. Ending when I said I wanted to post these questions to my site. That way I could free up the time I spend answering duplicate questions.

Next thing you know here comes a shot back from Donn, attempting to discredit me, and Mr., Ronan, to his fellow associates at WFAA Dallas. Then to demonstrate his journalistic professionalism decided to publish communications to this BLOG without offering me the opportunity to debate. Ending with a cheep shot, hoping I wasn’t aware of his actions.

“I wonder if he is WellAware of all this or not? I doubt it.” – Donn Edwards

But much to his chagrin not only was I AWARE, but had already begun pulling server logs, of the past week, attempting to hunt down his IP address. I noticed he was using a spamcops.com domain, and to cover my self wanted to gather all the info I could. Often times you find out a persons true intention when it’s too late. I always tell clients no matter how good you are, or think you are, one day you will make a mistake. Just hope when that happens I’m not the one looking for you.

Now with a heaping shovel of sand in my shorts, I fired a response and added a comment to his BLOG.

If you read it you’ll understand how important my commitment to my work and clients is to me. I stand firm by my work and to prove my loyalty offer a satisfaction guarantee to those needing my assistance. Hey Donn, you offer that? Doubt it, especially after witnessing the amount of backpedaling you did when I said put your money where your mouth is.

Let’s see how secure your machine really is with Limewire slowly eroding away client data along with a hard drive or two.

By the nonchalant tone you took while briefly commenting on two of my questions, made it clear to me you had no understanding or regard for the safety of your files. If you’re the Boss that’s one thing, but from my past experience, you only need to witness the reaction the IT Staff has after hearing the words Napster, Limewire, and File share, to realize they are bad, bad, bad.

If you’re missing any IT Staff after reading that paragraph, you can find them shivering under their desks.

“Bring it on. Show me what you got!” I have no problem putting my skills to the test. I look at it as a win-win situation. IF you win you win if you loose you walk away having gained that much more knowledge.

Not as enthusiastic this time, he agreed but forgot to publish it to this BLOG. No problem here you go.


Donn's Email
Go right ahead. My IP address for LimeWire is mcprog.dyn.isogo.co.za
I'll leave LimeWire running all night. Tell me if you find anything.
As you can see from the screen shot, I'm running the DEFAULT installation, especially for you.


Eds Comments -
Ill be brief and to the point.

1. Default settings? ---- wrong
Connections tab should be hidden
2. 70 days should be 7 days

3. Noticing the BIG 0 representing how many files have downloaded and another BIG 0 for the amount of them shared, says allot for your confidence level

4. Who names their users “IBM Valued Customer” anyway? Something smells fishy!

5. Confident, I where? I can’t see anything through this firewall!

6. And last but not least your IP is not “mcprog.dyn.isogo.co.za” it’s 165.165.150.158: with the default port 6346 open.




WellAware of the fact that he wasn’t going to play fair, I prepared myself by pulling out scripts and codes, I had long forgotten.

His post to me after I informed him of his inconsistencies:

My Limewire port 6346 is always permanently OPEN. Here is the proof from GRC.com

Shields Up

Internet Port Vulnerability Profiling by Steve Gibson, Gibson Research Corporation.

Probing Your Port 6346
The GRC server is attempting to establish a TCP
connection to Port 6346 of your computer located
at Internet at IP address 165.165.150.158:
Total elapsed testing time: 0.588 seconds
Port StatusProtocol and Application

6346

OPEN! gnutella-svc
gnutella-svc

The result of the port probe is shown above.
You may press your browser's BACK button to return to the page that brought you here, or you may click on the ShieldsUP! heading link at the top of this page to access all of our ShieldsUP! services.
<<<<<

I am using the default Limewire settings. I specially made a file called "Donn's Credit Card.doc"


Donn's Special File

Notice how the icon shows "No Firewall" because the port is wide open.

The only "firewall" I have is the standard WinXP one. I have an ADSL connection so I'm online all the time. The IP address changes every 24 hours, which is why I have a Dynamic DNS. I even have a web site at http://mcprog.dyn.isogo.co.za

I'm going to work now, so the address on my laptop will change, but I'll leave the file shared just for fun, so you can search for it under "What's new". I'll leave my laptop running Limewire (at home) the entire weekend.

I like this game, especially as it proves that there is no Limewire security flaw, just users who like to share weird stuff.

Come and get me ;-)

Hey Donn a little bonus tip, remove the windows firewall and invest in the $20-30 MacAfee Firewall or Zone Alarm. The windows firewall reduces you speed up to 80%.


Don’t believe me? Whatever, but I think the virus now living in the Cell Phone Banner on your hard drive wont be to thrilled. Yep, Oh yeah, he wanted me to let you know he doing well, plans on multiplying shortly. OH, look at that he just did.

Virus Donn invited over for a play date.



He also wanted me to mention something about whatever you do DON’T USE McAfee to get rid of him. Hint Hint! Just looking out for you buddy.

His JPG house was built from a cell phone banner add I found, UPS, did I say, I found on your machine? What I really said was you never know who or what you’re allowing on your machine when you share files with software that has known security risks.

And who would have though you would have shared, of all things a banner adds with your credit.doc.

Nice try again Donn, file wasn’t there. Even if it was do you think for a second I was going to download it to my drive? I’m not going to be the one to let some Crazy African Virus loose on Big D! (Just kidding)

Please repeat your question Donn, You wanted to know how I got a file that you didn’t assign to be shared..Hummmm … I know! Why don’t you ask Crystal Snow and all the others who have suffered damage due to their confidential information unintentionally ending up in some "Priceless" email spam commercial? You know what emails I’m talking about.

Putting aside the fun and games, the only reason why I’m taking time out of my schedule for this, is not to prove either of us right or wrong, it to hopefully inform people who are UNAWARE of the risks unknowingly get involved with, by allowing Limewire into infest their machines.

You and I may agree to disagree till the end of time, but I hope you understand the fine line we walk, each time we educate people on this topic. I have faith that my integrity and good judgment will help me avoid unintentionally enabling someone whose only intention is to use the knowledge to harm others. At least we can agree on that?

I truly enjoyed discussing and getting the opportunity to pull some forgotten hacking toys from the closet. I would be happy to disclose how I accessed your machine but would appreciate keeping that between you and I. Don’t have time to entertain every Script Kiddy from here to Africa


If you need help removing the virus from your machine just run the free virus scan you can download from their site. If you don’t it will slowly cut off your internet connection. And none of us want that to happen ;-)


One last thing Na Na Na Na Na

Anonymous said...

Sorry, I need sleep forgot to put the lime wire screen shot up for you.

Hey Donn congrats, you have now 6 invisible virus running loose on your machine. Like I said Dont poke them or feed tham after midnight....Sorry wrong movie. Dont click on them if you find them they will double in size.

Just look at the first ones size then the other two. Like I said DONT TOUCH!

Just run McAfee.

screen shot of eds limewire

Anonymous said...

This guy is so hung up about McAfee that it's scary. He obviously has no idea about security, or he would use a decent AntiVirus program.

It looks like his claims are bogus.