Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: CyberSitter trashes computer

From: Dave Farber <farber () cis upenn edu>
Date: Sat, 21 Feb 1998 13:42:21 -0500
Date: 20 Jan 1998 18:46:02 -0500
From: Jered J Floyd <jered () mit edu>
To: fight-censorship () vorlon mit edu
Subject: glen mccready: CyberSitter to the rescue.


Subject: CyberSitter to the rescue.
Date: Tue, 20 Jan 1998 16:08:19 -0500
From: glen mccready <glen () qnx com>


Forwarded-by: Faried Nawaz <fn () LISP-READER Hungry COM>
Forwarded-by: acb () zikzak net (Andrew C. Bulhak)
Forwarded-by: Matt Curtis <mattc () beam com au>


This is from the PerForce mailing list, PerForce is a source code
control system that doesn't use mounted drives, but instead uses
TCP/IP socket communications to check code in and out.


- ----- 


Well, I just spent several hours tracking something down that I
think is SO braindead that it must be called evil.  I hope this
will save someone else some hassle.  


There's an NT box on my desk that someone else uses every now and
then.  This machine is otherwise used as my programming box and
backup server.  


All of a sudden, my programming files were being corrupted in odd
places.  I thought "hmm, my copy must be corrupt".  So I
refreshed the files.  No change.  "hmm, the code depot copy must
be corrupt"..  Checked from other machines.  No problem there.
Viewed the file from a web based change browser in Internet
Explorer.  Same corruption in the file.  Telnet'd to the server
machine and just cat'd the file to the terminal.  Same problem. 
What's going on? 


The lines that were corrupted were of the form
#define one 1 /* foo menu */
#define two 2 /* bar baz */
What I always saw ON THIS MACHINE ONLY was:
#define one 1 /* foo     */
#  fine two 2 /* bar baz */
Can you guess what was happening?
Turns out, someone had inadvertly installed this piece of garbage
called CyberSitter, which purports to protect you from nasty
internet content.  Turns out that it does this by patching the
TCP drivers and watching the data flow over EVERY TCP STREAM. 
Can you spot the offense word in my example?  It's "NUDE".  Seems
that cybersitter doesn't care if there are other characters in
between.  So it blanks out "nu */ #de" without blanking out the
punctuation and line breaks.  Very strange and stupid.


It also didn't like the method name "RefreshItems" in another
file, since there is obviously a swear word embedded in there. 
Sheesh.


It's so bad it's almost funny.  Hope this brightens your day as
much as it brighted mine :-).
----
+----------------------+---+
| Ross Johnson         |   | E-Mail: rpj () ise canberra edu au
| Info Sciences and Eng|___|
| University of Canberra   | FAX:    +61 6 2015227
| PO Box 1                 |
| Belconnen  ACT    2616   | WWW: http://willow.canberra.edu.au/~rpj/
| AUSTRALIA                |
+--------------------------+
Previous By Date Next
Previous By Thread Next

Current thread: