[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Risks of advertisements in software (Fwd from Risks Digest 20.65)(fwd)

To: FITUG-Dabatte <debate@fitug.de>
Subject: Risks of advertisements in software (Fwd from Risks Digest 20.65)(fwd)
From: Thomas Scholz <tscholz@rz.uni-mannheim.de>
Date: Wed, 24 Nov 1999 16:04:02 +0100 (CET)
Comment: This message comes from the debate mailing list.
Organization: University of Mannheim / Computing Center
PGP-Key-Id: 0xF450392D
Reply-To: thomas.scholz@rz.uni-mannheim.de
Sender: owner-debate@fitug.de

Hallo,

das kam eben "uber die WinSec und sollte auch hier manche/n interessieren!

CIAOii & so on...
 Thomas Scholz

-- 
RUM - Computing Center   |  Do molecular     |   Phone: +49 621 181 - 3087
University of Mannheim   |  biologists wear  |   Fax:   +49 621 181-383087
Certificate Authority    |  designer genes?  |   http://ca.uni-mannheim.de

--- Forwarded mail from risks@csl.sri.com

Date: Sun, 14 Nov 1999 22:51:27 -0500
From: "Bill Royds" <broyds@home.com>

A company called Conducent (http://www.conducent.com also called TimeSink)
is offering to pay creators of free Microsoft Windows software if the
software contains modules to display banner ads when the software is
used. These modules are installed on the client's machine when the freeware
is installed and is added to the user's start-up entry in the Windows
Registry file without informing the user of the fact. This is an entry for
TSADBOT.exe in the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
entry. Shareware the does this includes PKZipW and Cute-FTP.
  When the user runs the software, an Internet connection is attempted to
a bank of computers controlled by Conducent, posting information about what
program is running and other information about the user. This seems to be
the method by which Conducent determines which software is running for
royalty payments. It also uses the information to determine which
advertising to show the user.
  This is very similar to the Trojan horses that worry people so much and is
probably illegal in countries with strong privacy laws.  If someone was able
to intercept these transmissions they could determine internal network and
personal information about a user.  Many users would not install these
programs if the realised the nature of how the advertising works.
  But an even worse fate occurs if the AdBot is thwarted in its attempts to
connect to Conducent by a firewall or other controls.  It starts to attempt
to connect continually, about 10 times/second causing a huge load on local
network facilities. If it can't connect even then, it tries to connect using
Telnet and other ports with the background AdBot retrying the HTTP connects
after several hours.

Bill Royds, 3414 McCarthy Road, Ottawa, ON  K1V 9A1 Canada
1-513-733-7727  BRoyds@home.com

---End of forwarded mail from risks@csl.sri.com

Prev by Date: Re: Uhrlau: "Keine NSA-Gesetzesverstoesse"
Next by Date: [fwd] QuickLInks newsflash - Leased lines: Commission acts to bring down cost of communications in Europe (from: Richard.SWETENHAM@cec.eu.int)
Prev by thread: [FYI] Die Wirtschaft wird es machen
Next by thread: [fwd] QuickLInks newsflash - Leased lines: Commission acts to bring down cost of communications in Europe (from: Richard.SWETENHAM@cec.eu.int)
Index(es):
- Date
- Thread