Vulnerability Development mailing list archives

(no subject)

From: eb () PEMIC DE (Ernesto Baschny)
Date: Tue, 7 Mar 2000 10:14:43 +0100


Date sent:              Mon, 6 Mar 2000 14:17:33 -0800
From:                   "Mark L. Jackson" <sincity_mark () iname com>
To:                     VULN-DEV () SECURITYFOCUS COM

This is not a 'bug' per se, but I feel it could be used to cause problems on
your system.

Has anyone worked with the Aureate Media software? I was reading another
newsletter and they made reference to this 'phone home' software that they
make (no name given)  that is used by companies to track usage. I am
positive I saw something similar to this on a list I am subscribed to.

What it does is when you install a program that has it's app contained
within it (cute ftp, Go!zilla, BuddyPhone, and 300 others have the app in
their software), it surriptisously installs the app, and then it sends info
back to the software creator. Not sure what it sends, just know it does send
info. And that is the problem, as I see it; installed without my knowledge,
and then sending out info with out my knowledge.


It is installed with your knowledge, as it reminds you at the start that this
software is supported through advertisment (see the screepshots at:
http://www.aureate.com/devs-n-pubs/how_we_target.html). The info it sends
back is just a survey you CAN fill in (you have the choice given to do this
or not). See  Aureate statements, and also follow the links that are at the
bottom of this page:

  http://www.aureate.com/privacy/falserumors.html

My concerns are this: someone backward engineers the advert.dll, discovers
how it works then uses that knowledge to either redirect the stream of info
or substitute a bogus advert.dll and thus collect sensitive info from the
system. Most people do not know it is there and since it is registered the
system would not see it as a threat, maybe not even the admins.


One could do this to any system .dll, and "how it works" isn't so dramatic,
just TCP/IP communication, you don't need to backwards engineer advert.dll to
see how it works.  As Aureate states, they only send ONE time information
from your PC to their networks, and this is when you fill in the short survey
and agree to participate.


--
Ernesto Baschny <eb () pemic de> | PEM Intercomputing GmbH
 Stuttgart - Germany          | www.pemic.de
 PGP: www.baschny.de/pgp.txt  | - SCO Premier Solution Partner
 Private: ernst () baschny de    | - Xlink Premium PoP

Current thread:

ALLADVANTAGE Privacy Concern Derek Reynolds (Mar 05)
- Re: ALLADVANTAGE Privacy Concern Eric Hacker, Cybershaman (Mar 06)
- Windows NTLMv2 dictionary attacks. Eric Hacker, Cybershaman (Mar 06)
- (no subject) Mark L. Jackson (Mar 06)
  - (no subject) Ernesto Baschny (Mar 07)
    - Aureate Software Mark L. Jackson (Mar 07)
    - Re: Aureate Software Brad Griffin (Mar 08)
    - Retraction of last post Brad Griffin (Mar 07)
  - (no subject) John Flux (Mar 07)
- <Possible follow-ups>
- Re: ALLADVANTAGE Privacy Concern Vanna P. Rella (Mar 06)
- Re: ALLADVANTAGE Privacy Concern Christian Hampson (Mar 06)