Wednesday, January 10, 2007

Winny Defense Breaches

Winny, the popular Japanese file sharing program, has been linked to at least 27 cases of data exposure from the GSDF (Ground Self-Defense Forces) since 2002. According to sources, no classified data has been compromised.

Last February a big incident was discovered, which led the Defense Agency (as of yesterday, upgraded to the Defense Ministry, giving it a cabinet position for the first time since the war) to procure 56,0000 PCs to be used by SDF personnel. Why? Because they were using their home PCs for SDF-related work, due to lack of access to computers at work. Presumably it will be easier for them to prevent the installation of software such as Winny on ministry-owned computers, though repeated security breaches elsewhere via company-owned computers shows it to be no panacea.

This is the same Winny whose author was recently convicted of knowingly supporting piracy of music and movies, but as far as I know, these kinds of data leaks are unintentional. I haven't followed the details of these breaches, but I suspect it's mis-setting of the controls resulting in accidental sharing, though it's also possible that there are security holes in Winny itself.

No comments: