Slashdot Mirror

← Back to Stories (view on slashdot.org)

GoHip.com ActiveX Wreaks Havoc

Posted by CmdrTaco on from the gotta-hate-when-that-happens dept.

This story popped in several times in the last couple days and it's pretty slow today so I figure it'll be good for a laugh. Apparently GoHip (no relationship to Goku or Gohan) had some sneaky ActiveX that a lot of people installed. Kinda a scary security situation right there. Makes me glad I don't have any of that OL- I mean CO- I mean ActiveX on this box.

2 of 244 comments (clear)

  1. A couple interesting things... by ChristianBaekkelund · · Score: 5
    A couple interesting things here...

    First, in the article, those "fine print software agreements" were discussed...the legal validity of such have been under question for a while now. Due to various legal details, those "click Next to continue installing" agreements are considered by many to be too automatic and do not require enough action on the agreeing party to be legally binding...

    Second, I was amused that GoHip.com considers what they do a Browser Enhancement.

    Third, ActiveX ever since it's first incarnation has been horribly gigantic a gaping security hole. Anyone even remotely self-respecting computer security-savvy individual would never dream of having ActiveX enabled on their computer. Unfortunately, the average Joe might not know this...hopefully, they will be educated in time.
    Here's one (of many) place I definitely like Java a whole lot better...

    Fourth, in the end, this really isn't that big of a deal, as it was relatively benign. Hopefully, however, it will educate people as to the dangers of ActiveX, in general. I think David Kroll said it best: "I think it's pretty tacky what they did". Although he and Finjin did get it wrong when they said: "this is the first time a company has used ActiveX to alter personal information on someone's computer." Just see the ActiveX Exploder link mentioned above! I think they'd be more accurate in saying this is the first time it's been done purposefully and on a large scale by a corporation.

    Fifth, this reveals an interesting problem with "signing" such programs with things like Verisign. That signature doesn't really mean as much as most people think that is does, as Verisign said: "Verisign spokesman Gray Chapman confirmed that GoHip is certified by Verisign, but stressed that his company was not in the business of passing judgment on the business practice of its client."

    Sixth, GoHip.com sounds horribly sketchy. No phone numbers, bouncing e-mail addresses...is anyone surprised?...But finally, I have to admit to being horribly amused at the final quote by one of the "infected" GoHip.com visitors: "I compliment GoHip for a fine marketing effort as I certainly know who they are. I hate them, but I know who they are". In the end, capitalism seems to be all that matters again...

  2. If you think this is bad, there is already worse.. by EoRaptor · · Score: 5

    While GoHip isn't too great, there is already a company out there called Aureate, who bribe shareware and trial program vendors to install a few files on your system, along with the main program. These files (look for advert.dll) sit around as IE and Netscape plugins, and spy on everything you do, from personal registry information to every url you click on.

    I could post a list of exactly which vendors install this thing, but it's too long. (GetRight and Globlascape Cute** probably being the most ocmmon source). If I were you, and using any windows based o/s, I'd look for advert.dll. Deleting it only partially solves the problem, but it's betetr than nothing.