Trojans and Popups and Slimeball Business
Selanit writes "Salon.com is reporting on a company which exploited a vulnerability in an old but common version of Internet Explorer's Java engine to install spyware on the visitor's machine." It's a pretty in-depth story showing the lack of respect that some companies have. My favorite part is that the guy who denies any knowledge of the trojan popup is named 'Frank Bigott'.
Yes. The .com weenies who are still struggling to survive are doing it with questionable ethics.
You notice as available VC goes down, the number of pop-ups, subscriptions and sleazy sites goes up.
I like to think that eventually the sleazy and make-a-buck-quick companies will finally go under, and the web will be more like it was before. A communications medium for PEOPLE to communicate, rather than a giant catalog that consumers can shop from.
I can dream.
There has to be a solution to this sort of problem. About the only way I could get Flowgo to stop SPAMMING my mail server is to call up a buddy of Tony Soprano to break their knees because Flowgo doesn't care and I have never, ever, ever been able to get one of my elected officials or law enforcement agency to pay any interest in Unsolicited Commercial E-Mail. It's not like Flowgo is hiding its behavior either. It should be easy to get them but no one that matters or has the power gives a damn about this huge waste of bandwidth.
Strange women lying in ponds distributing swords is no basis for a system of government.
It's about time someone got put away for this sort of crap.
California Penal Code, look for section 502
What would Lemmy do?
I don't know what's scarier. This article or that a related article at the bottom of this one talks about our "friend" Fritz who wants to "protect" spyware by defining what's sensitive.
Quote
The second is "nonsensitive" information, and among that will include your name, address, and records of anything you buy or surf on the Internet. Under the act, business can't collect or divulge the sensitive bits without your express consent, but anything classified as nonsensitive can be freely collected and sold at will.
End Quote
The article can be found here
I think so. In fact, I'll be surprised if we do not see this going to court. If any of the affected PCs belong to a Fortune 500 or larger company, I can nearly guarantee it. What I think should happen is that a class action suit be filed on behalf of all of the common people who were affected.
Heck, I'm sure if I used the same exploits to upload even 1 teeny-tiny file to a PC, let's say, at a local bank. Guaran-damn-tee I'd be in lockup the next day.
The company behind this needs to be more than bitchslapped. They're going down.
I have to take issue with this. I really hate MS, believe me, but the fact is they (as well as a lot of bad things) make products that are user friendly and have lots of features that, if not abused, could make a much nicer computing experience for everyone.
It is their problem that people are abusing it, but it's not their fault people are abusing it. I compare this to the luxury of having a convertible - it'd be really nice if it weren't so damned easy to break into, but it's not the car maker's fault it happens - they just need to work on a way to help prevent it. And the fact is that people LIKE convertibles - it's a feature.
The sad fact is that while MS is horrible about securing their products, it's the crackers and punks and phreaks that make it difficult for everybody. Sure, I'm approaching this from an existentialist point of view - not particularly realistic - but you have to blame the people that are maliciously taking advantage of a problem as well as the company that fails to correct it.
It's crackers' fault I have to spend my money and time protecting against break-ins. Even if you are well protected, these people steal my money and waste my time and that latter part is unforgivable. Yes, I feel the same way about the people who make it necessary for my house and car to need locks and an alarm system. I know it's reality, but those are the people I blame for making it reality.
Ok, now I'm venting, pardon the rant. I like dogging MS as much as the next guy, but the people who are violating your privacy are the ones that need your antagonism.
Stupid sexy Flanders.
IANAL but...
:)
If a piece of software *is* malicious spyware, it would be counterintuitive to ask the user to authorize its use and consent to a license agreement.
So -- let's assume that the software exploits the hole and, in the process, causes damage to your machine. Because you did not agree to the usual clickwrap, (software is AS IS, etc etc) could you hold the company liable for this?
Just a thought
What bothers me the most is that Federal Law Enforcement agencies have been going after individuals who crack corporate machines for years -- and hitting them with hard criminal charges (or in some cases, just throwing them in jail without clear or formal criminal charges).
It's clear that the federal government is zealous in its crusade to protect corporate America from "hackers". But who protects individuals from shady companies?
It's also clear that the company behind the trojan popups has engaged in criminal activity...but where the hell is the criminal investigation -- anyone being brought up on charges? At most -- we might see some fiduciary damages awarded to someone (but not anyone here -- and not to anybody we know)...but if the feds can throw Kevin in jail -- I want the fuckers responsible for this kind of malicious marketing in jail too...(don't forget spammers either).
-Turkey
The FDA has strict standards for listing nutrition information on food. A simple, consistent, easy to read, strictly formatted box shows you what's in it and how bad it is for you. IMHO, it works well (even for your average idiot at the grocery store), and is a Good Idea. Would it be so hard to do the same thing for software? Before installing, it presents the user a concise, consistently formatted box that shows the user what the software does, what files it installs, what services/ports it uses over the internet, what information it collects, stores, uses and shares, and with whom it shares the information. Anybody who creates software that doesn't fit this policy gets heavily fined/jailed/deported/bludgeoned/etc.
... "Give me a woman who loves beer and I will conquer the w
Internet Explorer running on Microsoft Windows
Systems not affected:
Internet Explorer running on Macintosh
Internet Explorer running on Solaris
Netscape running on Windows
Netscape running on Macintosh
Netscape running on Linux
Netscape running on Solaris
Netscape running on BSD
Mozilla running on Windows
Mozilla running on Macintosh
Mozilla running on Linux
Mozilla running on Solaris
Mozilla running on HP/UX
Mozilla running on BeOS
Mozilla running on AIX
Mozilla running on VMS
Opera running on Windows
Opera running on Macintosh
Opera running on Linux
etc.
(they forgot to mention this in the article. Not that any patterns are starting to appear...)
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)