Want CNET to notify you of price drops and the latest stories?

@Home user files may be at risk

The cable modem service says it has plugged a hole that left the computer files of some of its users vulnerable to hackers.

Jeff Pelline Staff Writer, CNET News.com
Jeff Pelline is editor of CNET News.com. Jeff promises to buy a Toyota Prius once hybrid cars are allowed in the carpool lane with solo drivers.
Jeff Pelline
2 min read
@Home (ATHM) has updated its software to prevent subscribers of its cable-modem service from sharing each other's files or viewing them without permission.

The vulnerability arose because @Home's cable-modem users were activating the file-sharing feature in Windows 95 without protecting those files with passwords. @Home deliberately switches file sharing off when installing the service, and warns customers that working in such a manner is a violation of the company's terms of service.

In addition, the company has made changes to its software on the server side so that users can share files only within their own homes if they have more than one computer. The software automatically prevents users from sharing files beyond the home.

The move brought some criticism over the weekend, as a few subscribers complained to NEWS.COM that file sharing is an integral part of using a network and that @Home shouldn't restrict its subscribers.

"If an individual shares resources on his/her system without making any considerations for security, the consequences should fall on the individual, not the service provider," wrote one @Home subscriber. "I feel that it constitutes a knee-jerk reaction to a new situation. A better solution would be to offer the blocking to those customers who request it rather than autocratically disabling features in a customer's service."

But the company maintained that file sharing beyond the home is not what the service is intended to do.

"They can now file share between the computers within their homes," said spokesman Matt Wolfrom. "But it's a residential service for individuals, not a business service to run over a LAN [local area network]."

For users who want to access files on their office systems from home, Wolfrom suggested attaching files to email messages and taking advantage of the service's high-bandwidth access speed.

@Home also runs a business-specific service called @Work, but Wolfrom denied that the move to keep users from sharing files externally is intended to drive business for @Work.

"It's more a move to protect our users," he said.

@Home currently has 26,000 subscribers, while @Work has signed up 300 customers, according to Wolfrom.

The file-sharing problem is not new, nor is it limited to @Home, which offers high-speed Net access via cable systems. But it came to light again last week when Glen Hamilton, an @Home subscriber in Fremont, California, noticed that it was possible to see other users' files from his own PC--assuming certain conditions were met--and contacted the media.

As of today, Hamilton said he can no longer see other subscribers' resources. @Home says it fixed the problem at the end of last week.