Computer Services

Tel 650.548.1010
Burlingame, CA USA



Is Your Hard Drive Wide Open?

The Single Most Important Security Breach Known Today

Originally posted July 31st, 2001

Revised on

August 26th, 2001 front page

| How its done

| Why are they sharing their files?

| What can you do to protect yourself

| What am I doing about it

| Updates

| Contacts


If you're reading this then you probably think that your data files on your computer are safe.

Think again!

Did you know that there are dozens FREE programs on the internet that anyone can download that scan the internet to see the entire contents of someone's computer files? It's true. It's legal. You don't even need to use a program. Microsoft Windows has this browsing capability built in. It's as easy as opening up your browser! PC Magazine and several others have published articles on where to get the software and how to do it.

In fact, most internet providers KNOW about this and do hardly anything about it. They know there are hundreds if not thousands of their users vulnerable right now and so do the hackers. It doesn't even take a hacker to access your computer files. Anyone can connect to your C Drive right now if your File Sharing is on. This is the utmost easiest way to access someones data today on the internet yet it gets no airtime at all.

On Saturday July 28th, 2001 I ran a scan using one of these programs to see if anything would show up. I didn't expect much. In the past, I've run scans using older scanner software and didn't find much. If I ran a scan for a day I might find 1 or 2. I found literally hundreds and hundreds of open computers with shared files ready for anyone to look at. I was absolutely amazed to say the least! I've always known that there are users out there right now with their sharing option turned on but I had no idea I would find so many users ignoring it.

If this is freaking you out you're not alone. I took it upon myself to contact of few of these users to alert them to the security threat. It's not against the law for me to do so. My intent is to notify the user of their vulnerability (see Fed code Title 18, Section 1029 & 1030). So far I've contacted over 30 people and with no negative responses at all (almost none anyway...). Most of the people I contacted were very appreciative of my efforts to call them and let them know about their open shares on their computers. I found; doctors, lawyers, accountants, a police officer, dentists, shipping companies, and a large import/export company in southern California. The rest were your average end user with no idea what is going on. What could I see? EVERYTHING! As if I was sitting right there in front of their PC. I had total access to everything they did.


How It's done...

There are free programs out there right now that can be downloaded in less than 1 minute if you know the right keywords that have the capability of scanning thousands of computers an hour. About 5 - 10 percent of all computers that I scanned returned the users Computer Name, address and all shares available like CDRIVE, PRINTER etc. And yes, most had ALL their files available for anyone to access. In fact, this one particular program I found to accomplish this made it very easy to do. It didn't even require a installation process. All I did was click on Download from the site hosting this (by the way its a legitimate company), and there it was. One file. I double-clicked on the file to run the program and then up pops the program (it's only 220k. you could put 7 copies of it on 1 floppy diskette). I then clicked on SCAN... and here came the computers... all of them with open C drives! The interface of this program opens a window that looks just like folder on your desktop. I saw directories similar to this one below:

Here's a sample:

I could then browse the drives...

Here it is... on John Q. Smiths computer system...

Okay, pull your jaw up off the table...

You may think you're protected with that firewall software but one of the users I contacted had McAfee Firewall and I still got on his system. Older versions of Zone Alarm had problems as well, but the guys at Zone Alarm according to Jim Aspinwall, have a patch available for you free loaders but if I were you I'd anti-up for the Pro version for much better protection.


Another way to see if you can see yourself on the net is have a friend check to see if they can see your computer. You don't need this scanning software to accomplish this. All you do on your computer is go to this webpage Write down the number you see there. It looks kind of like this Now call your friend and have them open My Computer (make sure their on the internet first...). Now have them click on the My Computer address bar (seen below) and enter the IP address you got from the website like it's pictured below. You'll need to put 2 backslashes in front of the number then press enter...


If you see anything in the following folder, then the internet community can see it too. If you didn't intend to share anything then turn off your File Sharing under the Network Neighborhood or My Network Places if you have Windows ME (see instructions).

If you turned off File Sharing ask your friend to check again for you to see if it worked. You may have to reboot your computer for the changes to take effect.


Why are they sharing their files?

I feel that MOST don't know that their File Sharing is turned on. Why would it be? If they just have one computer on the DSL line then why turn on sharing? Did the tech that installed the DSL line turn it on with hopes of accessing their system after leaving? Back when providers of DSL service started offering connections, they were so swamped with calls for installations that many of these DSL providers just started hiring as many technicians as they could. I know because I had seen these trucks of various shapes, sizes and colors that weren't your standard looking utility vans slapped with a magnet sign on the doors identifying the company. Maybe these DSL providers lowered their standard screening process for hiring and a few unscrupulous technicians (just speculating here kids) got through the cracks.

 08.04.01 - Back when DSL was new, most installations consisted of a black box called a Alcatel 1000 and network card by Kingston (KNE110tx), some cable and that's it. When I got DSL they gave me a permanent or static address as they say. Setting up DSL was easy. You just plug in the DSL box to the power outlet, installed the network card, connected the DSL box to your network card, let Windows detect it, and follow the instructions in the setup booklet for setting up a network connection.

After a while, I think the DSL providers were running out of addresses for people so they adopted a new scheme called PPOE or Basic DSL as it was sold. Most people have this type of DSL now.
With PPOE or Basic Installation you got a different DSL black box, a choice of a network card or USB network connection and some software on a CD called EnterNet 1.x. When you turned on your computer you were assigned a address from a range of numbers. This was kinda cool because when you logged on you got a different number each time. Would be hackers and lurkers would have a harder time finding you because everytime you logged in, you got a different address. This was a pretty cool mini-security feature.

Now, I don't know for sure or not because I'm currently running tests but I am simulating installations following the instructions from the DSL provider to see if the software or something in the installation process TURNS ON FILE SHARING without your knowing about it leaving you wide open to hackers...

There is also another security problem. A lot of people had Windows 3.1, then Windows 95, then Windows 98 and so on. Guess what... If you upgraded your computer like this without erasing the hard drive each time between each upgrade and you had any kind of network access albeit a modem, DSL or whatever... the old networking protocols leftover from Windows 3.1 or 95 may still be there and turned on!

nuf said...

Most of the users scanned are DSL users. I'd say about 75%. Some were modem users. Many of them are webmasters hosting small websites that run from their computer, many are just sharing public domain like files, I even found people sharing hundreds of MP3 files, but most I think are completely unaware that their systems are vulnerable. Microsoft Windows has a program that comes with Windows 98 called Personal Web Server. PWS let's a budding webmaster practice hosting a website from their computer over the internet or in within a company. This program as many of Microsoft's products has flaws and security issues:

Here's a know problem when running the PWS:
Q217763 - File Access Vulnerability in Personal Web Server

Windows 98 and Windows ME lets users share their directories over the internet as well. Why anyone would do this is beyond me. To disable this feature requires a few clicks of the mouse. I found a link here on's website that illustrates how to share directories and files in your office/home but not to through the internet. If you think you're vulnerable go ahead and implement this. I highly recommend doing it.

My belief as to what really happed is that when the users of these computers ordered DSL and the technician came by to install the network card and software, they didn't check the users computer for shared files. At the very least the tech should have informed the user to buy a firewall to complement the DSL/modem they installed with the DSL service. A big yellow piece of paper would've been nice with big bold letters on it saying to get a firewall. That would've been prudent I think.


What can you do to protect yourself

If you think you're vulnerable don't take any chances.

  • To be 100% safe you can unplug your broadband connection equipment from your computer or at least turn off your file sharing until you figure out what to do.

  • Another option; Turn off File Sharing over the Internet. Microsoft has a technical article (Q199346) for dialup users and broadband DSL/Cable users. Click here to read it. This leaves your sharing turned on for the other computers in your house or small office and stops cold the internet lurkers from peering into your files.
    If you take a computer back and forth from work to home, you'll need to talk to your System Administrator and they can setup a PROFILE for you on your laptop. Your systems guys should have already done this. You better double check with them to make sure.

  • Configuring NetBIOS for Optimum Security | How to by MH ( Under Construction )
    Set up your NetBIOS for maximum Internet security. Being on the Internet and using file and print sharing through NetBIOS can expose you to security risks.

  • Test your system with Steve Gibson's Shields Up website (its free). If the report comes back indicating you're okay then great.

  • Download the free Zone Alarm, buy a hardware DSL / Router / Firewall like a Linksys BEFSR11/BEFSR41 or comparable unit (you can then turn your file sharing back on).

  • Read the articles on the right column about protecting your computer. One is by my good friend Jim Aspinwall. Jim writes columns for CNET, and is a author of several technical books and Steve Gibson, also a expert on internet security has authored many security related software programs and papers.


What am I doing about it?

I have contacted our local DSL provider. I haven't heard back yet... interesting. Maybe they knew about this for months/years and have neglected to take any action to safeguard their customers. At the very least they could have slipped in a that bright yellow paper in the material you received indicating this vulnerability.

I have also contacted a attorney to see if there isn't anything that can't be done to nudge the broadband providers in the right direction.

If you have any questions, you can call (650) 548-1010 or email me.


Check back here for updates...



09.01.01 - Jackie Spiear

08.26.01 - Front Page News!!
That's right, my message finally gets to the masses via the San Francisco Chronicle. August 26th, 2001. Front page continuing on to page A18. A great many thanks to Elizabeth Fernandez and Carrie Kirby staff writers.

08.21.01 - 20/20 Calling...
Looks like they want to do a segment about it. They called and asked me to fax this webpage to them in New York... We'll see what happens...

08.04.01 - Bob O'Donnell Computer Show KSFO AM
I was calling the show today since it aired to get on and talk about this at 415.808.5600 but I couldn't get through. So I sent a few email's about the issue to Bob. Bob read one of the email's on the air (THANK YOU Bob!!) directing users to this report on my site. Thank you again Bob.

08.04.01 - Onward...
I'm continuing my scans of my DSL provider today. Instead of contacting the user directly, I've decided to notify my DSL's security department of the open shares. This way I can still help more people at a faster pace. I think this is a better plan all together.

08.04.01 - Under the radar...
Thinking my DSL provider is masking my IP so I can't do scans I borrowed a friends dialup account and disconnected my DSL line to test to see if I could see the hundreds of users that were open last week. I found a few on the address range that my friends dialup account was on, but not near as many as last week.

08.04.01 - Periscope down!
Started doing a scan today for computers again and it seems that nothing is coming back. Interesting... I haven't got one single hit! Nothing. Either (my DSL provider) is either blocking my ability to scan or they have finally done something about it. Finally! Geez. I guess the pressure got to them with the reporters on the way and everything...

08.03.01 - The Big Gun
Had a great conversation with my good buddy Scott Garee (whom I've know since jr. high), a real network security professional at Convex computing located in Texas. I probed him with all kinds of questions about internet security issues. He too is very aware of all the open shares on individuals PCs on the internet. His opinion on the matter; yeah, so what. If you're dumb enough to share your files then you deserve what you get.
He also said that @Home has a policy in place to trap Scanners from looking at addresses on their network that works pretty well, but a lot of networks don't implement this security feature Scott says, that's built in to most routers today that corporate networks purchase. He goes on to say that all internet providers are aware of this and it's a major concern. Some like @Home implement the trapping of scanners but networks with large pipes (lots of connections) have very small logs and it's a pain to catch every little 13 year old that start his hacking career. There's also another issue and that's the responsibility issue. If a network like @home implements the security feature to trap most scanners and then something new comes along or someone defeats that, then they might be liable. Scott said a smart lawyer could open up a big can of worms saying that @Home could be dragged into court with a complaint saying they didn't do enough. On the other hand other big networks who choose to do nothing could also be liable. But if you read any of the privacy agreements of these network providers you see that they are not liable for your accidental or intentional actions of sharing your files.

Also... I setup a Honeypot on my network here. A Honeypot is a PC setup to look like a regular computer user connected to the internet. When someone connects to the PC and starts downloading files the Honeypot will log their address and any files looked at. I will then turn over the log to the security dept. of my DSL provider.

08.02.01 - Here come the Feds...
While attempting to get my message out to any mass media entity that would listen, namely Channel 7's 'Seven on your Side' I was told via email that they don't want to handle it. Here's the email...

Thank you for writing 7 On Your Side. Unfortunately
we are unable to assist you with your problem.
However, many other resources are available, most
free or available at a low cost.

There are many government agencies set up to deal
with both consumer and non-consumer issues. If you
need assistance determining which agency would be
appropriate, contact the Federal Information Center.
It can be reached by telephone at (800) 688-9889 or
on the Internet at Alternately,
there are many resources available through the
California Department of Consumer Affairs. It can be
reached at (800) 952 5210, or on the Internet at

We hope this information is helpful. Thank you for
watching and thank you for writing.

So I started calling... I got the Federal Information Center guys on the phone and told em in a nutshell what's happening. They then transferred me to the National Infrastructure Protection Center or NIPC. After I summarized the story for them I was put on hold while they got the Chief Director on the phone for me and they told me that tomorrow morning I'll be getting a phone call about the proceedings. They were VERY interested. Gave the website where the software can be downloaded and they checked it out with me as I was on the phone talking about it (very impressive).

08.01.01 - On The Radio
CNET radio
here on 910AM in San Francisco allowed me to get on the air with Alex Bennett to inform the listeners about the file sharing over DSL. I didn't get to talk as long as I wanted to due in part to a technical problem (they kept saying they couldn't hear me... dam). Anyway I got the word out <waving flag>.

08.01.01 - The Eagle Has Landed!
My DSL provider's privacy department called me today. After a 30 minute conversation explaining everything in detail to her I was assured that this was to be a High Priority matter. Even more so than the so called Code Red virus scare that's going on now on all the news wires. She was very sympathetic and eager to jump on it she led me to believe. She even downloaded one of these program and ran it while I was on the phone with her and she too found dozens of unsecured computers. She agreed with me that something must be done.

Called my DSL provider today. Was on hold for 45 minutes. Got nowhere... They said they would call me back, took my number etc...
Called an attorney who is a client of ours. He's very interested. He too is contacting my DSL provider.

I received an email from one of the users I contacted today expressing his extreme unhappiness with me for looking at his computer system. He told us that wanted us to stop scanning his computer (I only did it once). I tried to assure him that nothing was taken off (and it wasn't). He persisted to say I broke the law and 'exploited' his data. Nothing of that sort happened. Many of the people I contacted were extremely thankful for our efforts to take the time and money to send on this effort to notify them.

I'm not going to let this (1) complaint get us down. The other 99 people I contacted are now OFF the internet and their files are safe from prying eyes. I think my one complainant was disturbed by the fact that another computer person (he was a computer guy too) could get into his system. I know I would feel embarrassed myself if somebody did that to me. I wonder how many other people have already been in his system and looked at his file without him knowing about it. Oh well, I guess No Good Deed Goes Unpunished...

Lets look at our intent here for a moment; if you Ire walking down the street and found a wallet would you not look inside to find the owner and then use that information to contact them to give it back? What if you Ire walking down the street and found some ones keys? Would you not do something to get it back to them? I would. But that's me I guess. I guess people today have a warped view on life or are so myopic that they only see what they see.

Anyways, I have stopped scanning for more computers. Not because of this complaint, but because I are too busy helping those 99 others help themselves get off the net.



Mike Chukov
Consultant / Computer Buddy

Jim Aspinwall
Consultant / Author / Cnet writer

Elizabeth Fernandez
San Francisco Chronicle / staff writer

Carrie Kirby
San Francisco Chronicle / staff writer

Steve Gibson
Security Consultant

FBI Computer Crime Lab

NIPC - National Infrastructure Protection Center

CERT - CERT/CC Vulnerability Notes Database








Check Your System Now!
Steve Gibson's Test Site to see if you're open!

Turning off your File Sharing

Windows File Sharing 101

Exploitation of Unprotected Windows Networking Shares > over the Internet

Turn Off Your File Sharing!!
Great instructions from ACN

Remove File Sharing
by Secure Design

Hack Attack Targets Verizon, AT&T Wireless
June 30, 2001
Users' Social Security numbers and other personal data may have been exposed online.

Privacy Matters
Recent developments in privacy law and net surveillance.

Fortress PC
Snoops, hackers, and viruses abound online. We identify all the tools you need to defend yourself against these hazards.

Hacker Nation
Hackers tell us about themselves in their own words.

The Complete Guide to Internet Privacy
by Jim Aspinwall

Can anyone crawl into your computer while you're connected to the Internet?
by Steve Gibson

Internet Fraud Watch

On Guard at Home
Great Article from PC Mag
June 12, 2001

FBI Security Study

Attack The Hack

Important Security Alert
From Microsoft on Internet Explorer

Network.vbs Virus
Cert Advisory

Network.vbs Worm Info
by Abe Singer

Home of one of the better personal firewalls.

Cable Modems & xDSL Security
Some good quick broadband security tips.

Cable Modem Privacy and Security
This site is dedicated to cable modem users and has a lot of good information on privacy and security.

Learn about and download one of the best personal firewalls on the Internet.

Microsoft withdraws claim about new product's protection against viruses, hackers.

Broadband users beware of hackers.

Web Gives Lessons in Civic Duty.

Broadband users beware of hackers
Lawrence Magid
If you have a broadband Internet connection such as a DSL or cable modem, the good news is that you probably enjoy full-time high-speed access to the Internet. The bad news is that someone else co...

Windows ME adds PC care, online integration, digital media
Henry Norr
It's difficult to resist the temptation to poke fun at Microsoft's claim that Windows Millennium Edition, the new version that goes on sale today, is ``a simpler, more robust and more useful opera...

Web Gives Lessons in Civic Duty
Henry Norr
Judging by the Internet ads on TV -- or, for that matter, the press releases that flood tech reporters' in boxes -- you could be forgiven for concluding that the Internet is all about e-commerce a...

Remains of the data
Some firms that close auction off computers, neglect to delete confidential information

Carrie Kirby
Jamie Flournoy got more than he bargained for when he bought four laptops in an auction a few months ago -- left on the computers' hard drives were reams of private information, including e-mails, a...

Microsoft withdraws claim about new product's protection against viruses, hackers
D. IAN HOPPER, AP Technology Writer
(08-17) 11:01 PDT (AP) -- AH: With BC-Microsoft-Antitrust, Bjt...

Germ warfare
Battle against computer viruses escalate

Carrie Kirby
After hours of tinkering with Zmist, the most complex computer virus he's ever seen, researcher Peter Szor has figured out how it works...

Microsoft's Virus Patch Draws Fire
Henry Norr
The Microsoft Outlook e-mail security update I mentioned last week finally...

10 Steps to Prevent Internet Sabotage
Peter Sinton