Vulnerability Development mailing list archives
Re: jump2.eudora.com
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Tue, 29 Aug 2000 08:04:56 +0200
I'm sure Eudora isn't making your computer do strange and unauthorized operations. Contacting the people at eudora.com would probably be a better way to go, rather than messing with things. Since the connections to jump2.eudora.com aren't "stealth-like" or covert, people shouldn't jump the gun and think Eudora is gathering a huge database of client information, such as Real Media had done. Anyway, just my two cents.
I'm not a Eudora user, and honestly don't feel like downloading and installing it, but IMHO the question is this for Eudora and all other products with this feature:

- Does the user know about it?
- Can it be disabled if unwanted?

Why is it important? Well, as mentioned in my previous mail, this might actually cause problems for dial-on-demand setups. The users shouldn't have to spoof DNS and the like to avoid it.

Secondly, there are the security concerns. What if the list gets stolen, or a sniffer somehow gets installed close enough to monitor a large portion of the requests to jump2.eudora.com? A product revealing system information is kind of bedding for abuse. Theoretically, there is vulnerability X, present in Windows version Y. Version Y is rare, hard for attackers to find, not easily detected over the net -- only they don't have to scan, Eudora already has a list of vulnerable hosts...

And, an attacker who gets control over your DNS (kind of horrible concept) or hijacks the DNS [etc, etc] is surely much more likely to get users to download the trojanized product if the applications start saying "Click here for new cool features!" or something.

Concept of an interesting attack: Attacker moves to a hotel/motel. First things first, he sends a forged email to DNS providers to re-point the IP of jump2.eudora.com to a server he knows has little security. Then he cracks the vulnerable server and puts up a CGI asking users to download [BO2K, DDoS clients, other horrible things you can imagine] ... He checks out of the motel. The police need quite a bit of luck to catch him, and he now has a growing number of slaves to perform whatever this fellow has his mind set to do...

The software really doesn't have to do 'strange' things, or gather personal information, in order for update checks to be a problem. On the other hand, people running outdated software is a problem as well :)
http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team