“Researchers at Cornell University said on Tuesday that they discovered a potentially dangerous security flaw in the popular LimeWire file-sharing software, but that the company has quickly released a fix.”
According to Emin Gun Sirer, an assistant professor of computer science, the flaw could allow an intruder to read any file on the hard drive of a person running LimeWire, whether or not it has been deliberately shared with others using the software.
LimeWire has been downloaded 42 million times! And this was inadvertently introduced into Limewire’s development since last year!
I am a huge fan of opensource software. But, I still believe that there really are no truly safe filesharing programs. Open source or proprietary. With many seeded files on the network to snag users, and software flaws like the one above .. thankfully fixed … it makes it a very dangerous place out there. How many folks don’t even know it’s on their computers? Their kids put it on and went off to school, or whatever.
With the ability to land on a website that can compromise a system in one fell swoop, adding something like filesharing to any system, just doesn’t make sense. IMHO.
Also, in the last few months, I have cleaned up computers where java (the engine LimeWire runs on) may have enabled malware to be installed on systems with LimeWire. This I have seen on at least 3 computers (client computers). The LimeWire Java jars were corrupted with downloader trojans on all three of these computers. I sent this information to Ben Edelman after he had posted an article on filesharing programs recently indicating that no adware, etc. was installed by LimeWire. Ben is looking into the matter as I write this. And I told him that if I run into this situation again, I will document it and send that documentation along to him.
NOTE: Originally posted: March 2005 (recreated from mangled original bambismusings.blogspot.com)