|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: (no subject)
From: Mark L. Jackson (sincity_mark
INAME.COM)Date: Mon Mar 06 2000 - 16:17:33 CST
- Next message: Eric Hacker, Cybershaman: "Windows NTLMv2 dictionary attacks."
- Previous message: Eric Hacker, Cybershaman: "Re: ALLADVANTAGE Privacy Concern"
- Next in thread: Ernesto Baschny: "(no subject)"
- Reply: Ernesto Baschny: "(no subject)"
- Reply: John Flux: "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Greetings all,
This is not a 'bug' per se, but I feel it could be used to cause problems on
your system.
Has anyone worked with the Aureate Media software? I was reading another
newsletter and they made reference to this 'phone home' software that they
make (no name given) that is used by companies to track usage. I am
positive I saw something similar to this on a list I am subscribed to.
What it does is when you install a program that has it's app contained
within it (cute ftp, Go!zilla, BuddyPhone, and 300 others have the app in
their software), it surriptisously installs the app, and then it sends info
back to the software creator. Not sure what it sends, just know it does send
info. And that is the problem, as I see it; installed without my knowledge,
and then sending out info with out my knowledge.
My concerns are this: someone backward engineers the advert.dll, discovers
how it works then uses that knowledge to either redirect the stream of info
or substitute a bogus advert.dll and thus collect sensitive info from the
system. Most people do not know it is there and since it is registered the
system would not see it as a threat, maybe not even the admins.
I have checked all of our systems for the advert.dll (the central part of
the system. you will have to remove it and the registry refs to get rid of
this) so I have no way of knowing what it is doing. If anyone has info on
the workings of this program I am sure people on this list would like to see
it. I have read several stories on this and some of the claims seem bizarre,
but since I do not have a copy to play with, and won't; I was hoping some
one had seen this.
Here are some relevant links:
http://209.41.41.165/newsletters/2000/mar-02-00.htm#4
http://www.hardocp.com/news_images/2000/february_2000/aureatespying.html
http://news.cnet.com/news/0-1005-200-1558696.html?tag=st.ne.1002
http://www.kumite.com/myths/myths/myth036.htm
Mark L. Jackson
mark_l_jacksonbigfoot.com
A computer scientist is someone who, when told to 'Go to Hell', sees the 'go
to', rather than the destination, as harmful.
- Next message: Eric Hacker, Cybershaman: "Windows NTLMv2 dictionary attacks."
- Previous message: Eric Hacker, Cybershaman: "Re: ALLADVANTAGE Privacy Concern"
- Next in thread: Ernesto Baschny: "(no subject)"
- Reply: Ernesto Baschny: "(no subject)"
- Reply: John Flux: "(no subject)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]