Online file transfer – the next P2P?

Matt Keil


Category: Firewall

ANALYSIS – In recent months, new online file transfer and storage applications have popped up with increasing frequency and the latest, Docstoc makes concerted efforts to simplify the upload process by installing an applet on your desktop. Docstoc differentiates itself by claiming that they want to be the Youtube of professional documents – a place where you can find template NDAs, privacy statements and so on. Moving large files around can be painful and file sizes show no signs of getting smaller – video, graphics images, etc are all conspiring to continue this trend. Email limitations and users who cannot or do not want to use FTP are two cases where these new applications can be helpful. Simplifying the task of the file transfer process is a positive thing. But then again, the reason P2P technology was developed was for the same purpose – to move files around.

The Docstock messaging, combined with the file transfer capability raises many security issues. First is privacy. Imagine uploading an NDA or licensing contract and forgetting to delete the company name. The next is compliance. Most companies really do not want these types of files to be sent to the general public. The next of course is security. Word, Excel, PDF all are known threat delivery mechanisms. And not to be left out, there is clearly a data loss risk element – or perhaps it should be called the OOPS factor – I didn’t mean to send that file.

At a higher level, the question becomes, will these applications become the next P2P in that users will inadvertently share the wrong information? Granted the audience that receives the URL for the file is smaller than that of a P2P network, but ones the URL and associated file are “in the wild” we all know there is no way to pull it back. Like P2P applications, users should exercise caution when with file sharing applications, particularly those that install applets or toolbars on the desktop. And because they use Port 80 typically, enterprises will need to add yet another type of application to their “watch and control” list.

Click here to view the TechCrunch article.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS