Hello Steve Lamb,
On Wed, 1 Mar 2000 09:10:55 -0800 GMT your local time,
which was Thursday, March 02, 2000, 12:10:55 AM (GMT+0700) my local time,
Steve Lamb wrote:
> Wednesday, March 01, 2000, 8:53:28 AM, tracer wrote:
>> http://www.angelfire.com/rock/fangthane/index.html
>> if you like your privacy worth reading and following whats
>> happening...
> Hmmm, anything on Angelfire is worthy of suspicion. Any CERT/Bugtraq
> advisories on the matter?
Well, there are other sites on the web with similar data, this happens
to be a site where I dug up the best cleaner..
> Yup, here's a Bugtraq article:
>
>http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-04-22&[EMAIL PROTECTED]
> Summary: The port is opened to get banner updates, nothing more.
> In fact, I looked through several threads and not only is this the case,
> but all the information on the angelfire site was known to the bugtraq people
> and have been said to explained to the customer that it was being downloaded
> in the first place. Hardly something worthy of a notice like this.
If you had read whats being uploaded from ones system then its clearly
not exactly what they are telling...
or just to quote a short piece of one of the texts:
Quote:
Here is a review of the contents and
code contained in the DLL's that Aureate makes use of. Here are a
few of my findings up to this point:
advert.dll
=======
This DLL creates a hidden window every time you open your browser. It
creates and sends 4 pages of information to the Aureate servers using
port 1749 on your system, these pages include:
1. Your name as listed in the system registry ( not the name you
installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and
area of country you are in )
4. A listing of ALL software that is shown in your registry as being
installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all
URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file
size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while
using your
browser
D.) the remote dialup number you are dialing in on (taken out of
your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance
to send this through to them.
6. Contains programmers note: "Show me the money! I want to
be Mike!"
EOQ
And agreed, this subject has been discussed on various sites on the
web.
However uploading ones personal data isnt something one should accept.
For those who use at guard firewall, settings can be supplied to pull
the teeth of the dll's in question.
And considering the list of programs using this trick (calypso being
one of them....) worth it to remove these undesirable dll's...
Best regards,
tracer
--
Using theBAT 1.41 Beta/3 with Windows 98
mail to : [EMAIL PROTECTED]
I am using FireTalk: 321338
ICQ: on request
Website: www.phuketcomputers.com
Our special website hosting/mailservers are now operational
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
