Firewall Wizards mailing list archives

Re: On The Topic of HTTPS...


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 11 Dec 2004 23:38:03 -0500 (EST)



*************************************************************************
SANS NewsBites                 Dec. 8, 2004               Vol. 6, Num. 49
*************************************************************************


  --Universities Warn of Spyware-Like Application; Some Block Network
     Connections to its Servers
(6 December/30 November 2004)
IMesh, which makes a filesharing program, has begun bundling the
Marketscore application along with its product.  Marketscore routes all
traffic through its servers where it is analyzed in order to create
research reports; it also claims to speed up users' Internet
interaction.  Marketscore is able to view encrypted traffic, such as
passwords and account numbers, which presents security concerns.
Several universities around the United States have blocked connections
from school networks to Marketscore servers, angering some students.
http://www.computerworld.com/printthis/2004/0,4814,97936,00.html
http://www.wired.com/news/print/0,1294,65906,00.html
[Editor's Note (Pescatore): It is a no-brainer that any random 3rd party
site that is proxying SSL connections should be on the banned list.
There is absolutely no way they are doing any caching that is improving
SSL sessions, they can't even claim that as a benefit.]



Thanks,

Ron DuFresne



On Tue, 7 Dec 2004, Josh Welch wrote:

It appears that one company whose spyware is bundled with at least one 
p2p app has perfected the man in the middle attack.

From the marketscore.com website
We respect your privacy, we just want to know a little about you to help 
our customers, blah blah blah... "Marketscore's proprietary and patent 
pending technology allows us to see the details of secure pages while 
protecting such content from parties other than the site to which you 
are connected..."

This is a lovely development.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

...Love is the ultimate outlaw.  It just won't adhere to rules.
The most any of us can do is sign on as its accomplice.  Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question.  The words
"make" and "stay" become inappropriate.  My love for you has no
strings attached.  I love you for free...
                        -Tom Robbins <Still Life With Woodpecker>

