Vulnerability Development mailing list archives
(no subject)
From: eb () PEMIC DE (Ernesto Baschny)
Date: Tue, 7 Mar 2000 10:14:43 +0100
Date sent: Mon, 6 Mar 2000 14:17:33 -0800 From: "Mark L. Jackson" <sincity_mark () iname com> To: VULN-DEV () SECURITYFOCUS COM
This is not a 'bug' per se, but I feel it could be used to cause problems on your system. Has anyone worked with the Aureate Media software? I was reading another newsletter and they made reference to this 'phone home' software that they make (no name given) that is used by companies to track usage. I am positive I saw something similar to this on a list I am subscribed to. What it does is when you install a program that has it's app contained within it (cute ftp, Go!zilla, BuddyPhone, and 300 others have the app in their software), it surriptisously installs the app, and then it sends info back to the software creator. Not sure what it sends, just know it does send info. And that is the problem, as I see it; installed without my knowledge, and then sending out info with out my knowledge.
It is installed with your knowledge, as it reminds you at the start that this software is supported through advertisment (see the screepshots at: http://www.aureate.com/devs-n-pubs/how_we_target.html). The info it sends back is just a survey you CAN fill in (you have the choice given to do this or not). See Aureate statements, and also follow the links that are at the bottom of this page: http://www.aureate.com/privacy/falserumors.html
My concerns are this: someone backward engineers the advert.dll, discovers how it works then uses that knowledge to either redirect the stream of info or substitute a bogus advert.dll and thus collect sensitive info from the system. Most people do not know it is there and since it is registered the system would not see it as a threat, maybe not even the admins.
One could do this to any system .dll, and "how it works" isn't so dramatic, just TCP/IP communication, you don't need to backwards engineer advert.dll to see how it works. As Aureate states, they only send ONE time information from your PC to their networks, and this is when you fill in the short survey and agree to participate. -- Ernesto Baschny <eb () pemic de> | PEM Intercomputing GmbH Stuttgart - Germany | www.pemic.de PGP: www.baschny.de/pgp.txt | - SCO Premier Solution Partner Private: ernst () baschny de | - Xlink Premium PoP
Current thread:
- ALLADVANTAGE Privacy Concern Derek Reynolds (Mar 05)
- Re: ALLADVANTAGE Privacy Concern Eric Hacker, Cybershaman (Mar 06)
- Windows NTLMv2 dictionary attacks. Eric Hacker, Cybershaman (Mar 06)
- (no subject) Mark L. Jackson (Mar 06)
- (no subject) Ernesto Baschny (Mar 07)
- Aureate Software Mark L. Jackson (Mar 07)
- Re: Aureate Software Brad Griffin (Mar 08)
- Retraction of last post Brad Griffin (Mar 07)
- (no subject) Ernesto Baschny (Mar 07)
- (no subject) John Flux (Mar 07)
- <Possible follow-ups>
- Re: ALLADVANTAGE Privacy Concern Vanna P. Rella (Mar 06)
- Re: ALLADVANTAGE Privacy Concern Christian Hampson (Mar 06)