The following is from: http://blog.washingtonpost.com/securityfix/

Report: First Lady Safehouse Route, Govt. Mafia Trial Info, Leaked on P2P Networks

The latest caches of sensitive data reportedly found on peer-to-peer (P2P) file-sharing networks are shocking:

- A highly sensitive document dated July 2009, listing the precise location of installations bearing weapons-grade nuclear fuel in the United States;
- FBI surveillance photos of an alleged mafia hit man, leaked while he was still on trial, along with the government's witness list, some of whom are in the government's witness protection program;
- A U.S. Secret Service document on the location and layout of an emergency safe house for former First Lady Laura Bush.

The revelations came at a House Government Oversight & Government Reform Committee hearing on the problem of inadvertent sharing of files via P2P software. Robert Boback, chief executive of Tiversa Inc., a company that scours these music- and file-sharing networks for sensitive data, told the committee his researchers also found the Social Security numbers and family information for every master sergeant in the U.S. Army, as well as the medical records of some 24,000 patients of a Texas hospital.

Boback said the list of nuclear sites was found not on computers of P2P users in the United States, but at four locations in France. "Every nuclear facility, every agency," Boback said. "This is information that is not even subject to government Freedom of Information Act [request], however, you can access it on peer-to-peer, in plain text."

P2P software such as "LimeWire" and "Bearshare" links computers directly, allowing users to swap digital movies, music and files with other users without the need of a central Web site to manage the exchange. What users may not be aware of is that the software that facilitates file sharing may be configured to allow access to a portion, if not all, of a user's documents.
The disclosures are just the latest examples of egregious data breaches made possible by inadvertent file sharing over P2P. Last summer, The Washington Post found that an employee of a McLean investment firm accidentally shared the Social Security numbers and birthdays of some 2,000 lawyers in the Washington area, including Supreme Court Justice Stephen G. Breyer. In March 2009, blueprints for Marine One, the president's official helicopter, were found on the computer of a P2P user in Iran.

Mark Gorton, chairman of LimeWire parent The Lime Group, told the committee that the latest version of his company's software makes it extremely difficult for users to accidentally share sensitive documents on their PCs. Gorton said efforts to regulate the P2P software industry would be difficult, as LimeWire was but one of dozens of such software providers. "We are doing our best to set a standard that we hope other file-sharing companies can follow," Gorton said. "Most creators of P2P applications are not based in the United States, and may not even be corporations."

But Committee Chairman Edolphus Towns (D-N.Y.) was not convinced, saying he planned to introduce a bill to ban this peer-to-peer software from all government and contractor computers and networks. "I plan to meet with the new Chairman of the Federal Trade Commission to request that the FTC investigate whether inadequate safeguards on file sharing software such as LimeWire constitute an unfair trade practice," Towns said. "The Administration should initiate a national campaign to educate consumers about the dangers involved with file sharing software. The FCC needs to look at this, too. The file-sharing software industry has shown it is unwilling or unable to ensure user safety. It's time to put a referee on the field."

Rep. Darrell Issa (Calif.), the panel's ranking Republican, was more concerned about the broad availability of pirated commercial software on P2P networks.
Waving a CD-ROM filled with dozens of examples of tax returns downloaded from P2P networks, Issa addressed Mark Gorton, chairman of LimeWire parent The Lime Group. Issa said he was concerned about hundreds of millions of dollars of software stolen each year through P2P. "I will tell you this disk represents to me a referral to the California attorney general if we cannot be satisfied," Issa said. "If you condone and allow and induce this to happen, you are guilty of cooperating and participating in every criminal act that flows from that activity."

By Brian Krebs | July 29, 2009; 12:20 PM ET