The Daily Static

From the Inbox - Serious! by ChuckAB 2006-11-19 12:55:59
- Due to the way Apple has implemented Bash, a shell used in Mac OS X, it's possible to create a local root exploit if practically any Adobe product is installed. The Adobe products install with scripts that are suid (Set User ID to) root, and don't verify what they are processing, so you can use them to do pretty much anything you want.
...
- The Peer-to-Peer program Imesh installs a Web proxy from a company called Marketscore. The Marketscore caching Web proxy is touted as being an Internet accelerator. They also state "that we receive and gather additional data about you to develop anonymous market research reports that help Internet companies and others understand consumer preferences and purchase dynamics." They say they strip all personal information.

The thing I'm troubled by is the fact that they install their own Trusted Root Certificate. As such, they're able to monitor your SSL traffic. When you establish a connection with an SSL site, such as your bank, with the Marketscore tool installed, you actually trust the certificate of Marketscore, and not your bank. They establish the SSL session to the bank between the Marketscore proxy and the bank. This makes them privy to all the communications you believe are encrypted between you and your choice of SSL sites.

In my opinion, this is a practice which shouldn't be tolerated by a piece of software which is installed as part of another product's installation.

- Last week the U.S. Congress approved the Intelligence Reform Bill. It now awaits approval by the president, although there may be additional changes to it when the House reconvenes next Jan. 4.

Among the potential outcomes from the bill is the possibility of a National ID card for U.S. citizens. If that happens, designating someone a terrorist becomes easier. Once designated as a terrorist, there is no need for probable cause or a warrant, and wire-tapping becomes easier. Some organizations, like the ACLU, believe there are insufficient counter-checks to ensure abuses don't occur. Under the Patriot Act, some ISPs and companies have been forced to turn over computer equipment and backups without being able to consult a lawyer. This bill is seen by some as extending the powers of the Patriot Act, and making it more powerful.


From my Security Watch e-Newsletter
http://mcpmag.com/security/
http://ENTmag.com
[ Reply ]
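
A defender-side check for the interception described in the post above, as an added example that is not part of the original post or the newsletter: it flags any root certificate outside a known-good baseline that anchors the chains presented for several unrelated sites. The fingerprints, host names, subjects and the `find_intercepting_roots` helper are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline: fingerprints of the roots the OS/browser shipped with.
# Placeholders, not real certificate fingerprints.
BASELINE_ROOTS = {"aa11", "bb22", "cc33"}

# Constructed observations, one per TLS connection as seen by the client:
# (host, fingerprint of the root anchoring the presented chain, root subject)
OBSERVATIONS = [
    ("bank.example", "dd44", "CN=Example Proxy Root"),
    ("www.bank.example", "dd44", "CN=Example Proxy Root"),
    ("mail.example", "dd44", "CN=Example Proxy Root"),
    ("shop.example", "dd44", "CN=Example Proxy Root"),
    ("intranet.corp.example", "ee55", "CN=Corp Internal CA"),
    ("wiki.corp.example", "ee55", "CN=Corp Internal CA"),
    ("news.example", "aa11", "CN=Public Root A"),
]


def site_key(host):
    """Group hosts by their last two labels (assumption: adequate for this sample)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_intercepting_roots(observations, baseline, min_sites=2):
    """Return {(fingerprint, subject): sorted hosts} for every root that is not
    in the baseline yet vouches for at least `min_sites` unrelated sites.

    A private CA normally serves one organisation's names; a locally added
    root that signs for a bank, a mail provider and a shop at once is the
    pattern an SSL-terminating proxy produces.
    """
    sites = defaultdict(set)
    hosts = defaultdict(set)
    for host, fingerprint, subject in observations:
        if fingerprint in baseline:
            continue  # chain ends at a root that shipped with the platform
        key = (fingerprint, subject)
        sites[key].add(site_key(host))
        hosts[key].add(host)
    return {k: sorted(hosts[k]) for k in sites if len(sites[k]) >= min_sites}


if __name__ == "__main__":
    for (fp, subject), seen in find_intercepting_roots(OBSERVATIONS, BASELINE_ROOTS).items():
        print(f"non-baseline root {subject} ({fp}) anchors: {', '.join(seen)}")
```
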
  ok, so now I'm insecure. by greybeaver 2004-12-14 06:53:32
    Advertising was not the point. by ChuckAB 2004-12-14 07:16:33
      my error by greybeaver 2004-12-14 08:35:45
        Not a problem. by ChuckAB 2006-11-19 12:55:59
  How? by Didactylos 2004-12-14 06:53:54
    That's what I thought. That's one of the reasons by ChuckAB 2004-12-14 06:58:08
    SSL by mrmisguided 2006-11-19 12:55:59
      And I forgot to link the wikipedia by mrmisguided 2006-11-19 12:55:59
        Yes, I took the module. by Didactylos 2004-12-14 07:29:24

 

All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.