Menu
News
All News
Dungeons & Dragons
Level Up: Advanced 5th Edition
Pathfinder
Starfinder
Warhammer
2d20 System
Year Zero Engine
Industry News
Reviews
Dragon Reflections
White Dwarf Reflections
Columns
Weekly Digests
Weekly News Digest
Freebies, Sales & Bundles
RPG Print News
RPG Crowdfunding News
Game Content
ENterplanetary DimENsions
Mythological Figures
Opinion
Worlds of Design
Peregrine's Nest
RPG Evolution
Other Columns
From the Freelancing Frontline
Monster ENcyclopedia
WotC/TSR Alumni Look Back
4 Hours w/RSD (Ryan Dancey)
The Road to 3E (Jonathan Tweet)
Greenwood's Realms (Ed Greenwood)
Drawmij's TSR (Jim Ward)
Community
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions, OSR, & D&D Variants
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Resources
Wiki
Pages
Latest activity
Media
New media
New comments
Search media
Downloads
Latest reviews
Search resources
EN Publishing
Store
EN5ider
Adventures in ZEITGEIST
Awfully Cheerful Engine
What's OLD is NEW
Judge Dredd & The Worlds Of 2000AD
War of the Burning Sky
Level Up: Advanced 5E
Events & Releases
Upcoming Events
Private Events
Featured Events
Socials!
EN Publishing
Twitter
BlueSky
Facebook
Instagram
EN World
BlueSky
YouTube
Facebook
Twitter
Twitch
Podcast
Features
Top 5 RPGs Compiled Charts 2004-Present
Adventure Game Industry Market Research Summary (RPGs) V1.0
Ryan Dancey: Acquiring TSR
Q&A With Gary Gygax
D&D Rules FAQs
TSR, WotC, & Paizo: A Comparative History
D&D Pronunciation Guide
Million Dollar TTRPG Kickstarters
Tabletop RPG Podcast Hall of Fame
Eric Noah's Unofficial D&D 3rd Edition News
D&D in the Mainstream
D&D & RPG History
About Morrus
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions, OSR, & D&D Variants
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Menu
Log in
Register
Install the app
Install
Upgrade your account to a Community Supporter account and remove most of the site ads.
Enchanted Trinkets Complete--a hardcover book containing over 500 magic items for your D&D games!
Community
General Tabletop Discussion
*Geek Talk & Media
die_kluge you are not alone!
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="der_kluge" data-source="post: 2118108" data-attributes="member: 945"><p>Yea, it's a serious problem, one that neither Bearshare, nor Turbotax seem concerned about.</p><p></p><p>Here's the problem: Bearshare has a setup feature which allows you to scan your drive looking for media files. Normally I wouldn't bother doing this, but it seems there is a bug in Bearshare's configuration process which causes it to just abort during setup. So, for the longest time I was always having to start this process, and just cancel out of it. So, in some vain attempt at trying to get it to finish, I thought I would try every step, and that was one of them. What I didn't realize was that in doing so, I set up my "my documents" folder to be shared, since under that folder is "my pictures" and "my music". And since there were at least a couple of Windows pictures in the "my pictures" folder, it added the entire directory structure to my "library" as Bearshare calls it.</p><p></p><p>Low and behold, TurboTax saves it's *.tax files in the "my documents\turbotax" folder (IIRC).</p><p></p><p>So, just on a whim I decided to log into Bearshare's upload queue to see what people were downloading from me, and I see my tax return sitting in a queued state. Of course, I immediately freaked, and removed it from the queue. Then I promptly modified my library settings. Fortunately, I had turned on my logging to show upload statistics, and I was able to verify that no one had gotten a chance to download it from me. It totally scared the heck out of my wife, though.</p><p></p><p>For curiosity, I downloaded someone else's .tax file, randomly. Sure enough, I was able to open the file without incident. I could see their social security numbers, their home address, the social security numbers of all their dependents, and their income. Worse yet, if someone chooses to auto-file, you could get their bank name and routing numbers from that file. It's not encrypted at all.</p><p></p><p>There are at least two solutions which need to occur, preferably both. Bearshare needs stop adding "my documents" to the library. This is, IMHO, unacceptable. People store their resumes, budgets, living wills, and all kinds of personal stuff here. Fortunately, Bearshare has a list of extensions which it, by default, hides. This includes stuff like .dll and other system files that people aren't going to want to download directly. Bearshare could, very easily, simply add ".tax" to this list. That would be a very easy change. Lastly, TurboTax needs to encrypt their files. They could do this with an encryption key unique to the computer generating the tax file. So, if you are not the computer where the file was generated, you wouldn't be able to open it. That is a more difficult solution, but something TurboTax needs to take a serious look at.</p><p></p><p>I hesitated in doing it, but I posted a thread on the Bearshare forum about this problem. I said I hesitated, because the more people know that it's a problem, the more likely are some unscrupulous people could go and download the files. Last I checked, there were over 400 turbotax files in Bearshare, and the number will only increase the closer it gets to tax season.</p><p></p><p>My criticisms fell on deaf ears on the Bearshare forum despite numerous people agreeing that it was a problem, though most decided that it was a problem "for all p2p networking" and therefore somehow lessened Bearshare's responsibility to fix it. I also posted an email on the TurboTax website regarding the problem, and I even mentioned that I was notifying the media, to see if that would spark them into fixing the problem. I suppose it's possible that they have, I guess. They could have issued a bug fix for this, and then just not advertised it. With TurboTax you can download bug patches internally with an update option. I haven't ran it in over a month, though I still do need to wrap up my taxes.</p><p></p><p>I also tried mentioning it on Fark, Slashdot, and wired.com and they all ignored me. That link timed out on me, but it's good to see that at least some people are trying to get the word out.</p></blockquote><p></p>
[QUOTE="der_kluge, post: 2118108, member: 945"] Yea, it's a serious problem, one that neither Bearshare, nor Turbotax seem concerned about. Here's the problem: Bearshare has a setup feature which allows you to scan your drive looking for media files. Normally I wouldn't bother doing this, but it seems there is a bug in Bearshare's configuration process which causes it to just abort during setup. So, for the longest time I was always having to start this process, and just cancel out of it. So, in some vain attempt at trying to get it to finish, I thought I would try every step, and that was one of them. What I didn't realize was that in doing so, I set up my "my documents" folder to be shared, since under that folder is "my pictures" and "my music". And since there were at least a couple of Windows pictures in the "my pictures" folder, it added the entire directory structure to my "library" as Bearshare calls it. Low and behold, TurboTax saves it's *.tax files in the "my documents\turbotax" folder (IIRC). So, just on a whim I decided to log into Bearshare's upload queue to see what people were downloading from me, and I see my tax return sitting in a queued state. Of course, I immediately freaked, and removed it from the queue. Then I promptly modified my library settings. Fortunately, I had turned on my logging to show upload statistics, and I was able to verify that no one had gotten a chance to download it from me. It totally scared the heck out of my wife, though. For curiosity, I downloaded someone else's .tax file, randomly. Sure enough, I was able to open the file without incident. I could see their social security numbers, their home address, the social security numbers of all their dependents, and their income. Worse yet, if someone chooses to auto-file, you could get their bank name and routing numbers from that file. It's not encrypted at all. There are at least two solutions which need to occur, preferably both. Bearshare needs stop adding "my documents" to the library. This is, IMHO, unacceptable. People store their resumes, budgets, living wills, and all kinds of personal stuff here. Fortunately, Bearshare has a list of extensions which it, by default, hides. This includes stuff like .dll and other system files that people aren't going to want to download directly. Bearshare could, very easily, simply add ".tax" to this list. That would be a very easy change. Lastly, TurboTax needs to encrypt their files. They could do this with an encryption key unique to the computer generating the tax file. So, if you are not the computer where the file was generated, you wouldn't be able to open it. That is a more difficult solution, but something TurboTax needs to take a serious look at. I hesitated in doing it, but I posted a thread on the Bearshare forum about this problem. I said I hesitated, because the more people know that it's a problem, the more likely are some unscrupulous people could go and download the files. Last I checked, there were over 400 turbotax files in Bearshare, and the number will only increase the closer it gets to tax season. My criticisms fell on deaf ears on the Bearshare forum despite numerous people agreeing that it was a problem, though most decided that it was a problem "for all p2p networking" and therefore somehow lessened Bearshare's responsibility to fix it. I also posted an email on the TurboTax website regarding the problem, and I even mentioned that I was notifying the media, to see if that would spark them into fixing the problem. I suppose it's possible that they have, I guess. They could have issued a bug fix for this, and then just not advertised it. With TurboTax you can download bug patches internally with an update option. I haven't ran it in over a month, though I still do need to wrap up my taxes. I also tried mentioning it on Fark, Slashdot, and wired.com and they all ignored me. That link timed out on me, but it's good to see that at least some people are trying to get the word out. [/QUOTE]
Insert quotes…
Verification
Post reply
Community
General Tabletop Discussion
*Geek Talk & Media
die_kluge you are not alone!
Top
