Author |
Message |
Gold Hat
*** BANNED ***
Joined: 18 Jul 2004
Posts: 2049
|
Posted:
Sun Feb 08, 2009 4:27 pm |
|
I ran across a very interesting article this morning from a site called “Windows Secrets”. The writer details how the international news service CNN has created a system that implants software in a viewer’s computer when watching “live video”.
During the Obama presidential address, “their PC was used to send the video to other PCs, too. Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers.”
Software called Octoshape was installed to accomplish this underhanded intrusion. The article details why this action is disgraceful and how it may compromise the security of your computer.
The article also describes how to find the planted software and remove it.
Perhaps someone who is more technically minded than me can read this article and summarize how it can affect security.
The article is found here:
Clicky |
|
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Sun Feb 08, 2009 5:34 pm |
|
As CNN are using it there shouldnt be any direct security issues although the fact that they don't make it explicitly obvious what they are doing is apalling. The problem arises when people get used to this sort of thing and start allowing the connections willy nilly. It wouldn't be hard to modify it to install a rootkit to give backdoor admin access through any port an unscrupulous 3rd party may choose. Continuous mass activity on this port would also make it hard to see any 'dodgy' traffic.
The main issue I can see with CNN is that if you have capped bandwidth then multiple p2p connections could put you (unknowingly) over your limit.
Another excellent reason for running Zone Alarm (which will warn of multiple connections). No company should ever install something on your computer 'under the radar'. Sony tried this with their CD DRM and got their arses sued off for it so I expect the same to happen here. |
_________________ I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up
Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
- 18 mths: Louis
The*Catb1ngo Hotel*
*My Church*
x23 |
|
|
|
Newdonym
Elite Baiter
Joined: 19 Jan 2008
Posts: 1043
|
Posted:
Sun Feb 08, 2009 7:33 pm |
|
I read a report on octoshape the other day. The main problem was a clause in the EULA that tried to stop you being able to check how much bandwidth they were using, or even running a firewall.
The clauses are there to stop them getting sued for fair use charges or say hotel bills.
I have no problem with them using P2P. It makes a lot of sense for the more popular programs. |
|
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Sun Feb 08, 2009 7:53 pm |
|
Yeah it does make sense from their point of view to free up bandwidth but the ISP's still have to cover it. As for trying to stop people running Firewalls, that is grossly irresponsible and I'd guess that anyone sensible would ignore the (unenforcable) EULA. |
_________________ I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up
Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
- 18 mths: Louis
The*Catb1ngo Hotel*
*My Church*
x23 |
|
|
|
Ex.
Nature's Asshole
Joined: 28 Dec 2007
Posts: 990
Location: Hell's Presidential Suite
|
Posted:
Sun Feb 08, 2009 11:05 pm |
|
I don't watch CNN so I'm safe I suppose. |
_________________ YOU ARE JUST A CHILD WHOO SIT BEHIND HIS COMPUTER MASSTERBATI NG FO HISS FAMILLY - D3nnis M4rk, my lost Safari.
JACK B QUICK YOU ARE NATURES ASHOLE DO NOT EMAIL ME ANYMORE OK - R0ger Jon3s (Right you are mate)
i much prefer s3x in the 4ss - B4rrister 0luwa
x28 x9
x97 (Updated 02/20/09) |
|
|
|
Catcher In The Lie
Master of Master Baiters
Joined: 22 Sep 2008
Posts: 877
Location: 404 Yellow Brick Road
|
Posted:
Mon Feb 09, 2009 5:13 am |
|
Gold Hat,
Thanks for posting this.
Rodus.
Another excellent reason for running Zone Alarm (which will warn of multiple connections). No company should ever install something on your computer 'under the radar'
Absolutely! Information is a double edged sword.
As far as the endless social and privacy ramifications of the 'information explosion' are concerned, I think we're on the verge of information implosion. I wouldn't try to guess a percentage of how much information we're exposed to & overloaded with every day... and of that amount how much is useless, but it's a lot .
However, this is useful (if not vital) information for the present and the future. I'm sure most people in the mainstream don't even know what CNN (and who else? )is doing either. sigh...and so it goes. The frightening thing is what else we don't know.
In my opinion, if you're not a conspiracy theorist in terms of IT today, you're not a realist.
(Course, I don't think they've ever told us the truth about Roswell, Big Foot, the crop circles, or Atlantis either)
|
_________________ x 11 x 20
"I don't want you to be burdered again." Ali the hitlad Sule
Click here to support 419Eater.com |
|
|
|
Catcher In The Lie
Master of Master Baiters
Joined: 22 Sep 2008
Posts: 877
Location: 404 Yellow Brick Road
|
Posted:
Mon Feb 09, 2009 5:16 am |
|
Sorry,
Meant to attribute quote to Rodus:
Quote: |
Another excellent reason for running Zone Alarm (which will warn of multiple connections). No company should ever install something on your computer 'under the radar' |
|
_________________ x 11 x 20
"I don't want you to be burdered again." Ali the hitlad Sule
Click here to support 419Eater.com |
|
|
|
Al Roberts
Admin Plaything
Joined: 13 Oct 2008
Posts: 58
Location: Palo Alto,California
|
Posted:
Mon Feb 09, 2009 9:59 pm |
|
I run OS X an i downloaded a client to scan for cookies and I only had 100 all from one place. Any guesses? Yep CNN! I was furious I also had a few from the local councils website. So the next time I am on the councils website I will come off that and go directly on here. lol |
_________________ Do not you speak the English proper
I have not the times to be playing your games |
|
|
|
Ex.
Nature's Asshole
Joined: 28 Dec 2007
Posts: 990
Location: Hell's Presidential Suite
|
Posted:
Wed Feb 11, 2009 1:53 am |
|
Cookies can be illegally used by websites to collect and use private information against you. If you are that paranoid that someone would invade your computer via cookies, disable Javascript when visiting certain sites. |
_________________ YOU ARE JUST A CHILD WHOO SIT BEHIND HIS COMPUTER MASSTERBATI NG FO HISS FAMILLY - D3nnis M4rk, my lost Safari.
JACK B QUICK YOU ARE NATURES ASHOLE DO NOT EMAIL ME ANYMORE OK - R0ger Jon3s (Right you are mate)
i much prefer s3x in the 4ss - B4rrister 0luwa
x28 x9
x97 (Updated 02/20/09) |
|
|
|
Proto419
Not quite a Newb
Joined: 26 Jan 2009
Posts: 77
|
Posted:
Wed Feb 11, 2009 7:17 am |
|
@ex
Huh? How does Javascript have anything to do with cookies? Cookies are simply files that store some basic info (such as an encoded username) so it is easier to log back into a website. When did Javascript have the capacity to mess with data on a person's computer due to cookies? (Cookies are handled at the server end, not client end; so I would be more worried about Ajax or Perl and cookies) |
|
|
|
|
Ex.
Nature's Asshole
Joined: 28 Dec 2007
Posts: 990
Location: Hell's Presidential Suite
|
Posted:
Wed Feb 11, 2009 8:08 am |
|
Javascript can be used to create cookies, and cookies can be used to collect information from you, from something as little as a username to something as big as your personal info, i.e. when you purchase something online or if you use your personal info in filling out some form. You don't know whats in cookies half the time unless you actually check them. An interesting fact is that through the use of cookies and Javascript, you actually do some "funny" stuff. Here's a hint:
javascript:alert(document.cookie);
All in all, if the website you're paranoid about doesn't have your personal info fine. But if you have given them your personal info and its stored on a cookie, then a malicious cracker could use it. Sometimes the data is encrypted (for example, this website you are visiting now), but depending on how strong it is, it can be cracked as well. |
_________________ YOU ARE JUST A CHILD WHOO SIT BEHIND HIS COMPUTER MASSTERBATI NG FO HISS FAMILLY - D3nnis M4rk, my lost Safari.
JACK B QUICK YOU ARE NATURES ASHOLE DO NOT EMAIL ME ANYMORE OK - R0ger Jon3s (Right you are mate)
i much prefer s3x in the 4ss - B4rrister 0luwa
x28 x9
x97 (Updated 02/20/09) |
|
|
|
|