Security worries prompt P2P upgrade
Earthstation 5 releases a new version of its file-sharing software, minus a feature that one programmer says could let attackers delete files on a user's computer.
The concerns were raised in a bulletin posted to security lists last week by a programmer with the pseudonym Random Nut, who
In an e-mail statement sent to CNET News.com on Monday and attributed to Earthstation 5 chief programmer "Filehoover," the company acknowledged that the security problem did exist. However, it added that the glitch had been part of an automatic remote update feature that had been removed in the new version of the program, which was available Monday.
"We completely removed the automatic software upgrade code because--as it turns out--automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so," Filehoover said in the statement, which was also posted on file-swapping Web forums.
Earthstation 5 is the most flamboyantly outspoken of a new generation of file-swapping companies that hope to win people from Kazaa and other popular networks by offering increased privacy.
Although Earthstation 5's origins are difficult to verify, its backers say the company is based in Palestinian refugee camps in the West Bank--for practical purposes, outside the reach of the American recording industry and movie studios. The company has gone as far as posting copies of first-run movies on their servers for download and streaming.
The company has also quickly won a reputation for spreading discord amid an already fractious file-swapping community. The service's chat boards are full of distain for other services and forums, with criticisms of those other networks and their developers often taking a bitterly personal slant.
Random Nut declined to give his identity, but did confirm that he had been involved in the development of a version of Kazaa Lite, an unauthorized version of the Kazaa software from which advertising and other components have been removed. However, the programmer said Earthstation 5 had misidentified him in their widely posted statement.
In an e-mail, Random Nut said that the most recent security flaw should point out the dangers of trusting their privacy to proprietary software.
"I think it shows that most closed-source software isn't secure," Random Nut said. "If ES5 had been open source, this feature wouldn't have existed in the first place."