Vulnerability Development mailing list archives
(no subject)
From: sincity_mark () INAME COM (Mark L. Jackson)
Date: Mon, 6 Mar 2000 14:17:33 -0800
Greetings all, This is not a 'bug' per se, but I feel it could be used to cause problems on your system. Has anyone worked with the Aureate Media software? I was reading another newsletter and they made reference to this 'phone home' software that they make (no name given) that is used by companies to track usage. I am positive I saw something similar to this on a list I am subscribed to. What it does is when you install a program that has it's app contained within it (cute ftp, Go!zilla, BuddyPhone, and 300 others have the app in their software), it surriptisously installs the app, and then it sends info back to the software creator. Not sure what it sends, just know it does send info. And that is the problem, as I see it; installed without my knowledge, and then sending out info with out my knowledge. My concerns are this: someone backward engineers the advert.dll, discovers how it works then uses that knowledge to either redirect the stream of info or substitute a bogus advert.dll and thus collect sensitive info from the system. Most people do not know it is there and since it is registered the system would not see it as a threat, maybe not even the admins. I have checked all of our systems for the advert.dll (the central part of the system. you will have to remove it and the registry refs to get rid of this) so I have no way of knowing what it is doing. If anyone has info on the workings of this program I am sure people on this list would like to see it. I have read several stories on this and some of the claims seem bizarre, but since I do not have a copy to play with, and won't; I was hoping some one had seen this. Here are some relevant links: http://209.41.41.165/newsletters/2000/mar-02-00.htm#4 http://www.hardocp.com/news_images/2000/february_2000/aureatespying.html http://news.cnet.com/news/0-1005-200-1558696.html?tag=st.ne.1002 http://www.kumite.com/myths/myths/myth036.htm Mark L. Jackson mark_l_jackson () bigfoot com A computer scientist is someone who, when told to 'Go to Hell', sees the 'go to', rather than the destination, as harmful.
Current thread:
- ALLADVANTAGE Privacy Concern Derek Reynolds (Mar 05)
- Re: ALLADVANTAGE Privacy Concern Eric Hacker, Cybershaman (Mar 06)
- Windows NTLMv2 dictionary attacks. Eric Hacker, Cybershaman (Mar 06)
- (no subject) Mark L. Jackson (Mar 06)
- (no subject) Ernesto Baschny (Mar 07)
- Aureate Software Mark L. Jackson (Mar 07)
- Re: Aureate Software Brad Griffin (Mar 08)
- Retraction of last post Brad Griffin (Mar 07)
- (no subject) Ernesto Baschny (Mar 07)
- (no subject) John Flux (Mar 07)
- <Possible follow-ups>
- Re: ALLADVANTAGE Privacy Concern Vanna P. Rella (Mar 06)
- Re: ALLADVANTAGE Privacy Concern Christian Hampson (Mar 06)