Vulnerability Development mailing list archives
FW: The AOL Spyware
From: Kenneth_Oporto () ED GOV (Oporto, Kenneth)
Date: Mon, 10 Jul 2000 16:48:14 -0400
Sorry Mikael... this post was supposed to go to the list.. -----Original Message----- From: Oporto, Kenneth Sent: Monday, July 10, 2000 4:47 PM To: 'Mikael Olsson' Subject: RE: The AOL Spyware Your mistake was an honest one. Netscape's first mention of "SmartDownload" was in their browser download "client".. (Began with the first communicator I believe).. Since then they have developed SmartDownload into a download manager that intercepts all downloads while it is active. As for the data included in the "feedback".. there really isn't much info to send.. Just what you're downloading, when, and from where. There's no way for the software to really determine what it really is that you're downloading either. I suppose they could monitor downloads of IE and inject a 1 in 3 chance of crashing the computer, dissallowing the install ;) Also.. I agree.. about not calling foul until we see the BEEF.. I think this kind of publicity, if false, does more damage to the accused corporations than we believe. Kenneth Oporto Senior Telecommunications Engineer CACI International, Inc. for the USDoED kenneth_oporto () ed gov 202-260-3457 -----Original Message----- From: Mikael Olsson [mailto:mikael.olsson () ENTERNET SE] Sent: Saturday, July 08, 2000 2:53 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: The AOL Spyware Masial wrote:
SmartDownload would be a software that helps you manage your internet downloads (all of them),
Ahhh I was confusing it with smartupgrade... Sorry 'bout that, everyone, my bad.
so it would know EVERY file you download from the net. If you are to download pam03.mpg or prostate.pdf, AOL would know. Or so does the article seem to claim. I find this somewhat disturbing.
Question
is, whats its exact behaviour?
Yes. I think someone should sniff some traffic and try to parse it (or post it) so that we can see what happens. Who knows, it could concevably be something as innocent as "check for new versions of smart download", but then again, it may not :-P (So let's not cry foul until we see what it's doing. It hurts the security community if we do) -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
Current thread:
- FW: The AOL Spyware Oporto, Kenneth (Jul 10)
- Re: FW: The AOL Spyware Andrew McNaughton (Jul 10)
- Re: FW: The AOL Spyware Scott Alexander (Jul 11)
- <Possible follow-ups>
- Re: FW: The AOL Spyware Scott Alexander (Jul 12)
- Re: FW: The AOL Spyware Andrew McNaughton (Jul 10)