NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q1

Subject: (no subject)
From: Ernesto Baschny (ebPEMIC.DE)
Date: Tue Mar 07 2000 - 03:14:43 CST

Next message: John Flux: "(no subject)"
Previous message: Ex Machina [xm]: "Re: spoofing the ethernet address"
In reply to: Mark L. Jackson: "(no subject)"
Next in thread: Mark L. Jackson: "Aureate Software"
Reply: Ernesto Baschny: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date sent: Mon, 6 Mar 2000 14:17:33 -0800
From: "Mark L. Jackson" <sincity_markiname.com>
To: VULN-DEVSECURITYFOCUS.COM

> This is not a 'bug' per se, but I feel it could be used to cause problems on
> your system.
>
> Has anyone worked with the Aureate Media software? I was reading another
> newsletter and they made reference to this 'phone home' software that they
> make (no name given) that is used by companies to track usage. I am
> positive I saw something similar to this on a list I am subscribed to.
>
> What it does is when you install a program that has it's app contained
> within it (cute ftp, Go!zilla, BuddyPhone, and 300 others have the app in
> their software), it surriptisously installs the app, and then it sends info
> back to the software creator. Not sure what it sends, just know it does send
> info. And that is the problem, as I see it; installed without my knowledge,
> and then sending out info with out my knowledge.

It is installed with your knowledge, as it reminds you at the start that this
software is supported through advertisment (see the screepshots at:
http://www.aureate.com/devs-n-pubs/how_we_target.html). The info it sends
back is just a survey you CAN fill in (you have the choice given to do this
or not). See Aureate statements, and also follow the links that are at the
bottom of this page:

http://www.aureate.com/privacy/falserumors.html

> My concerns are this: someone backward engineers the advert.dll, discovers
> how it works then uses that knowledge to either redirect the stream of info
> or substitute a bogus advert.dll and thus collect sensitive info from the
> system. Most people do not know it is there and since it is registered the
> system would not see it as a threat, maybe not even the admins.

One could do this to any system .dll, and "how it works" isn't so dramatic,
just TCP/IP communication, you don't need to backwards engineer advert.dll to
see how it works. As Aureate states, they only send ONE time information
from your PC to their networks, and this is when you fill in the short survey
and agree to participate.

--
Ernesto Baschny <ebpemic.de> | PEM Intercomputing GmbH
 Stuttgart - Germany          | www.pemic.de
 PGP: www.baschny.de/pgp.txt  | - SCO Premier Solution Partner
 Private: ernstbaschny.de    | - Xlink Premium PoP

Next message: John Flux: "(no subject)"
Previous message: Ex Machina [xm]: "Re: spoofing the ethernet address"
In reply to: Mark L. Jackson: "(no subject)"
Next in thread: Mark L. Jackson: "Aureate Software"
Reply: Ernesto Baschny: "(no subject)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]