Vulnerability Development mailing list archives

Re: jump2.eudora.com


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Tue, 29 Aug 2000 08:04:56 +0200

I'm sure Eudora isn't making your computer do strange and unauthorized
operations. Contacting the people at eudora.com would probably be a better
way to go, rather than messing with things. Since the connections to
jump2.eudora.com aren't "stealth-like" or covert, people shouldn't jump the
gun and think Eudora is gathering a huge database of client information,
such as Real Media had done. Anyway, just my two cents.

I'm not an Eudora user, and honestly don't feel like downloading and
installing it, but IMHO the question is this for Eudora and all other
products with this feature:

  - Does the user know about it?
  - Can it be disabled if unwanted?

Why is it important? Well, as mentioned in my previous mail, this might
actually cause problems for dial-on-demand setups. The users shouldn't
have to spoof DNS and the like to avoid it.

Secondly, there are the security concerns. What if the list gets stolen,
or a sniffer somehow gets installed close enough to monitor a large
portion of the requests to jump2.eudora.com? A product revealing system
information is a kind of breeding ground for abuse. Theoretically, there is
vulnerability X, present in Windows version Y. Version Y is rare, hard for
attackers to find, not easily detected over the net -- only they don't
have to scan, Eudora already has a list of vulnerable hosts...
And an attacker who gets control over your DNS (kind of a horrible
concept) or hijacks the DNS [etc, etc] is surely much more likely to get
users to download the trojanized product if the application starts saying
"Click here for new cool features!" or something.

Concept of an interesting attack:
Attacker moves into a hotel/motel. First things first, he sends a forged
email to the DNS providers to re-point the IP of jump2.eudora.com to a server
he knows has little security. Then he cracks the vulnerable server and
puts up a CGI asking users to download [BO2K, DDoS clients, other horrible
things you can imagine] ... He checks out of the motel. The police need quite
a bit of luck to catch him, and he now has a growing number of slaves to
perform whatever this fellow has his mind set on doing...

The software really doesn't have to do 'strange' things, or gather
personal information, in order for update checks to be a problem. On the
other hand, people running outdated software is a problem as well :)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
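The attack sketched in the message above works because the client trusts whatever host jump2.eudora.com resolves to. The following is an added example, not Eudora's code or anything from the original thread: a hypothetical update check that ships the vendor's Ed25519 public key inside the client and accepts a manifest only if it is signed by that key, is for the right product, and is newer than the installed version. A hijacked DNS entry then yields a manifest the client rejects, and a captured old manifest cannot be replayed to push a downgrade. The query the client sends carries only product and version, nothing about the OS. All names, URLs and the sample manifests are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical update-check client (added example). The transport, DNS
// included, is treated as hostile; only signed bytes are trusted.

var (
	ErrBadSignature = errors.New("manifest signature does not verify against pinned vendor key")
	ErrWrongProduct = errors.New("manifest is for a different product")
	ErrNotNewer     = errors.New("manifest version is not newer than installed (replay/rollback)")
)

// UpdateManifest is the metadata the client acts on.
type UpdateManifest struct {
	Product string `json:"product"`
	Version int    `json:"version"`
	URL     string `json:"url"`
	SHA256  string `json:"sha256"` // hash of the download; checked after fetching it
}

// SignedManifest is what the update server returns.
type SignedManifest struct {
	Manifest  []byte `json:"manifest"`
	Signature []byte `json:"signature"`
}

// NewSigningKey generates a keypair; the vendor does this once, offline,
// and compiles the public half into the client.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign serialises and signs a manifest with the vendor's private key.
func Sign(priv ed25519.PrivateKey, m UpdateManifest) (SignedManifest, error) {
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyUpdate is the client side. It accepts a manifest only if it carries
// a valid signature from the pinned key, names the expected product, and is
// newer than the installed version. A server reached through a hijacked DNS
// entry fails the first check; an old but genuine manifest fails the last.
func VerifyUpdate(pinned ed25519.PublicKey, sm SignedManifest, product string, installed int) (*UpdateManifest, error) {
	if len(sm.Signature) != ed25519.SignatureSize || !ed25519.Verify(pinned, sm.Manifest, sm.Signature) {
		return nil, ErrBadSignature
	}
	var m UpdateManifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return nil, err
	}
	if m.Product != product {
		return nil, ErrWrongProduct
	}
	if m.Version <= installed {
		return nil, ErrNotNewer
	}
	return &m, nil
}

// CheckRequest is the query the client sends. Only product and version are
// included: that is all the server needs to answer "is there a newer build",
// so the server-side list never holds OS versions or hostnames.
func CheckRequest(product string, installed int) string {
	return fmt.Sprintf("product=%s&version=%d", product, installed)
}

func main() {
	vendorPub, vendorPriv, _ := NewSigningKey()
	_, attackerPriv, _ := NewSigningKey() // attacker has a key too, just not the vendor's

	// Constructed sample manifests; sha256 values are placeholders.
	genuine, _ := Sign(vendorPriv, UpdateManifest{Product: "mailer", Version: 5,
		URL: "https://updates.example/mailer-5.exe", SHA256: "placeholder"})
	hijacked, _ := Sign(attackerPriv, UpdateManifest{Product: "mailer", Version: 6,
		URL: "http://cracked-host.example/cool-features.exe", SHA256: "placeholder"})

	fmt.Println("request sent:", CheckRequest("mailer", 4))
	if m, err := VerifyUpdate(vendorPub, genuine, "mailer", 4); err == nil {
		fmt.Println("accepted:", m.URL)
	}
	if _, err := VerifyUpdate(vendorPub, hijacked, "mailer", 4); err != nil {
		fmt.Println("rejected hijacked manifest:", err)
	}
	if _, err := VerifyUpdate(vendorPub, genuine, "mailer", 5); err != nil {
		fmt.Println("rejected replayed manifest:", err)
	}
}
```

The design choice is that DNS and the web server become irrelevant to integrity: the attacker in the motel scenario can redirect the hostname and crack the host, but without the vendor's private key he can only serve manifests the client throws away. The version check matters too, since a signed manifest captured by the sniffer the message mentions would otherwise let him point clients back at an older, vulnerable release.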

