Updated: 24.11.2002; 12:22:10.
disLEXia
lies, laws, legal research, crime and the internet
        

Thursday, June 7, 2001

Site puts private cell calls on Web

Citizens in Ottawa were probably not aware that they were providing content for a new Web site that streams live audio onto the Net. The site uses conversations pulled from a radio that scans cellphone frequencies in the city. *CTIA Daily News*

Bruce Hamilton bruce_hamilton@agilent.com Tel: 650-485-2818 Fax: 650-485-8092 Agilent Technologies MS 24M-A, 3500 Deer Creek Road, Palo Alto CA 94303 [bruce_hamilton@agilent.com via risks-digest Volume 21, Issue 48]

Security notice for recent EarthBrowser purchasers (via Ben Laurie)

My name is Matt Giger and I write the EarthBrowser software that you have recently purchased from us. I am writing to inform you about a recent scam being run on our customers. This first report was about 5 PM on 6/6/01 from a customer who purchased EarthBrowser just yesterday.

Apparently some files with customer information on our server have been accessed. Let me assure you that your credit card information is safe since we never store that information on our server. Also we purge all customer information on a daily basis so the amount of information they obtained was minimal, just your name, address, e-mail address and EarthBrowser serial number.

The reported scam e-mail looks something like this:

Please confirm [its] registration. Correct Purchase Information You account: http://www.earthbrowser.by.ru/3004001065-010605214102678/index.htm

This poorly written e-mail sends you to a Web site in Russia which is an exact copy of our purchase page and presumably sends the information you enter to the thief. If you enter your credit card number on this page, they will then have it so please do not enter any information. Hopefully the poorly worded e-mail and the suspicious Web address will alert most to the fact that this is bogus.

If you have received an e-mail like this one, please let me know as soon as possible so I can trace exactly how long ago they gained access.

I apologize for having to warn you of this; I am taking steps to ensure that our customer information remains safe. I promise to let you know of any such scams in the future, but please help me out by letting me know if you get any strange contact trying to use our relationship with you to obtain any information.

Matt Giger, Lunar Software, Inc. mgiger@lunarsoft.com [Matt Giger via risks-digest Volume 21, Issue 47]

Risks of URL-forwarding services

I'm the maintainer of a free-software application called sitescooper, which reformats Web sites for viewing on PDAs. When I started writing sitescooper a few years ago, I hosted it on my ISP at http://www.clubi.ie/~jmason/software/sitescooper/ .

Since this URL was quite cumbersome (especially when read on a PDA screen!) I also set up a forwarding URL with a domain called "tsx.org", which offered free URL forwarding. At that stage, tsx.org was a reasonably reputable URL-forwarding service.

Since then, sitescooper has grown in popularity, and has moved to the easier-to-remember sitescooper.org domain. I left the tsx.org forwarding in place, updated to its new address, to catch old links and avoid link-rot, and forgot about it.

This morning I received a mail from a potential user, who'd decided to download sitescooper and take a look. The mail stated:

I'm writing about your Web site. [...]

If you are aware of the way your site behaves then you should just close up shop and leave the Web because no contribution to software development is worth the hassle your site causes.

If not, then I apologize for the above and I'll describe it for you.

If your site: sitescooper.tsx.org is opened using a script-enabled browser (e.g., IE or NS), from a windows platform, it proceeds to plaster the screen with windows full of trashy ads that CANNOT be deleted. The windows have no controls and right-clicking the taskbar icons is disabled. THE ONLY WAY to delete this trash is to bring up the Task Manager via ctrl-alt-del, and kill the processes. NO WEBSITE SHOULD BE THIS INVASIVE.

This is blatant abuse of the trust a user puts in you when they click a link to your site. Hopefully, you're not involved in it and it's being done by tsx - In which case I STRONGLY advise you to dump them as fast as possible and find a new Web host.

I surfed over to sitescooper.tsx.org and took a look. Sure enough, it popped up 5 windows - 1 with no frame masquerading as a Windows alert, asking if I want to visit the BEST ADULT SITES AROUND, 2 full-screen unclosable windows, 1 normal(ish) ad window with a normal window frame, and (finally) the page I *wanted* to go to.

Gah. Needless to say, sitescooper.tsx.org is now no more. I'd prefer if people hit a 404, and were forced to search Google, than run into this.

The risk? There ain't no such thing as a free lunch, I guess. I'd assumed that the forwarding system would offer a consistent quality of service over several years; instead, in my opinion, they took advantage of their situation to increase their ad revenues at the expense of their users. [jm-risks@jmason.org (Justin Mason) via risks-digest Volume 21, Issue 47]

Re: Steve Gibson: Windows XP Vulnerable; Big ISPs just don't care

I felt I had to respond to this article, because it's simply ridiculous.

Raw sockets support, the supposed "vulnerability," is not a security risk. This capability is already present in every major Unix operating system, and can be acquired in every version of Windows with the addition of a library.

From atstake.com: The "powerful Internet-connection capabilities" which are hyped in this article is merely the ability to write raw IP packets. This is where an application program controls every field in the IP packet. This functionality is required if you were writing your own network bridge program for Windows or other low level network applications. An IDS for NT that resets connections would need this functionality. AntiSniff, which detects sniffers on a network, requires this functionality.

This capability, which this article states is so dangerous to the Internet, is already available practically everywhere. It is available in every commercial and open source unix distribution and is already available for all Windows platforms (not just Windows XP) through the use of free add on libraries such as winpcap and libnetNT.

The hype and hyperbole is astounding. From reading this article you'd think a deluge of DDoS attacks was building up just waiting to be released once Microsoft releases the all powerful new API. Nothing could be further from the truth. When XP arrives it will receive a collective yawn from DDoS attackers who would much rather have their win32 DDoS clients run on every version of Windows using the already available add on libraries.

Once an attacker has administrative control of a machine they can run any code they want, whether it is native or in an uploaded executable. There is absolutely nothing stopping an attacker from spoofing IP addresses from a Windows machine today or tomorrow.

The real RISK here is *The New York Times'* propagation of false information for the sole purpose of provoking Fear, Uncertainty, and Doubt.

Mike Nuss [Mike Nuss via risks-digest Volume 21, Issue 46]

Computer reports unreported wreck

You just can't outrun a satellite. A Merced, California, man took his fully equipped 2001 SUV out onto some nearby country roads, navigating swiftly and confidently with the optional OnStar Global Positioning System. When he got into an accident, he decided to run for it. But the guidance system had already notified OnStar headquarters of the accident, specifying where it had happened and giving a complete description of his vehicle to the California Highway Patrol. The officers followed a trail of coolant about a mile into an orchard, where they found and arrested the driver. [Source: *Road & Track* magazine, July 2001; PGN-ed]

THE RISKS?

What constitutes an "accident"? (Air bags seem to go off quite easily, taking out the windshield and dashboard [$$$] in a fender-bender).

Will GPS-reported accidents become like household burglar alarms - sending out mostly false alarms?

Who will hack into the OnStar system to falsely report accidents?

Who will use the OnStar system to efficiently dispatch lawyers to accident sites?

How soon until OnStar sells accident records so used-car purchasers can learn the vehicle's history?

Chris Norloff ["Chris Norloff" via risks-digest Volume 21, Issue 46]

Broken shopping carts

I was just trying to buy something from an on-line catalog (autosport.com), but was having problems as the shopping cart doubled the number of items I entered; the minimum purchase was two.

On a whim, I entered a negative number - and the shopping cart updated to show that I was ordering -2 items, and had to pay -$188.

I didn't go ahead with the transaction, but it would be an interesting experiment to see whether it would actually be possible to get free cash from shopping at this web site.

It would also be interesting to see if the credit card companies' fraud protection works in reverse - detecting and flagging too many refunds coming from a single vendor. ["Steve Loughran" via risks-digest Volume 21, Issue 46]
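The negative-quantity behaviour reported above, next to a server-side check that rejects it. This is an added example, not code from the post or from the site it describes; the unit price (inferred from -$188 for -2 items), the upper bound and all function names are assumptions.

```python
from decimal import Decimal

UNIT_PRICE = Decimal("94.00")  # assumed: -$188 for -2 items implies $94 each
MIN_QTY = 2                     # the post says the minimum purchase was two
MAX_QTY = 100                   # assumed cap for a single order line


def naive_line_total(qty_field: str) -> Decimal:
    """Behaviour reported in the post: the form value is used unchecked."""
    return int(qty_field) * UNIT_PRICE


class InvalidQuantity(ValueError):
    """Raised when a submitted quantity must not reach pricing or payment."""


def parse_quantity(qty_field: str) -> int:
    """Accept only plain ASCII digits inside the allowed range."""
    text = qty_field.strip()
    # Signs, decimals and exponents ("-2", "+2", "2.0", "1e3") are not digits;
    # isascii() additionally rejects non-ASCII digits that isdigit() accepts.
    if not (text.isascii() and text.isdigit()):
        raise InvalidQuantity(f"not a plain whole number: {qty_field!r}")
    if len(text) > 4:
        raise InvalidQuantity("quantity has too many digits")
    qty = int(text)
    if not MIN_QTY <= qty <= MAX_QTY:
        raise InvalidQuantity(f"quantity must be {MIN_QTY}..{MAX_QTY}")
    return qty


def checked_line_total(qty_field: str) -> Decimal:
    """Price a line only after validation, and never emit a non-positive charge."""
    total = parse_quantity(qty_field) * UNIT_PRICE
    if total <= 0:  # defence in depth in case prices or limits are misconfigured
        raise InvalidQuantity("non-positive line total")
    return total


def is_accepted(qty_field: str) -> bool:
    """True if the hardened path would price this submitted value."""
    try:
        checked_line_total(qty_field)
        return True
    except InvalidQuantity:
        return False
```

The check belongs on the server at the point where the order line is priced, since a form field can carry any string regardless of what the page's own controls allow.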


Maximillian Dornseif, 2002.
 