2000-08-05

10:44:52 AM

• The rat who wired schools. Brian Tew reminded me of Rattie, a rat trained to run the maze that is a building's infrastructure. Rattie was pressed into service in 1996 to wire California schools to the Internet and enjoyed a brief moment in the limelight from spring 1997 to early 1998. Rattie once had a Web page and an email address where kids could write to him (or to his keeper, Dr. Judy Reavis), but the mailbox has gone dark.

2000-08-04

10:52:18 PM

• Brown Orifice reveals major holes in Java, Netscape. Dan Brumleve, the perpetrator of the delicately named Cache-Cow Netscape security exploit of nearly two years ago, is at it again. He has discovered two new ways to make Java misbehave, one residing in the Java core and the other in Netscape's implementation of Java. He calls the new vulnerabilities Brown Orifice (playing off the infamous Back Orifice trojan from the Cult of the Dead Cow). Brumleve writes on the BrO page:

  The first [vulnerability] allows Java to open a server which can be accessed by arbitrary clients. The second... allows Java to access arbitrary URLs, including local files.

  As a demonstration, I've written Brown Orifice HTTPD for Netscape Communicator. BOHTTPD is a browser-resident web server and file-sharing tool that demonstrates these two problems in Netscape Communicator. BOHTTPD will serve files from a directory of your choice, and will also act as an HTTP/FTP proxy server.

  Brumleve has verified that the exploit works on Netscape 4.[5-7] running on Linux and assorted flavors of Windows. He has seen it work behind a firewall that was doing network address translation, and also fail with a mysterious message when a browser was configured to use a proxy.

  At the moment the link to Brumleve's download page, where you can get the Java applet in various forms, is not active. Here is the .tar.gz version.

  I was unable to experience this security hole firsthand, as my firewall blocks incoming HTTP requests. If you try out Brown Orifice, please email me with your experience of it; I will post representative replies here.

2000-08-02

6:14:42 PM

• ShareZilla: peer-to-peer spam. P2P networks such as those implemented by Gnutella, Freenet, and Publius are a certified Next Big Thing, say the pundits. (But remember where you read it first.) With Internet speed, spammers are lining up to reap the harvest of the new peer-to-peer medium. Thus ShareZilla, which claims to be able to intercept every Gnutella search that comes across its network horizon and reflect an ad back to the person originating the request. ShareZilla costs $49.95 for the 1.0 software, and $74.95 for a 6-month subscription (so its spammer customers can keep ahead of the various GnutellaNets' attempts to block it).

  The Net has taken very little notice of ShareZilla as yet. Its homepage counter says 3283 visitors have arrived there. This Deja thread contains only 11 messages at this writing. A Google search returns only two mentions, one of which is the spam provisioner's home page itself. Feed "flatplanet.net" to the Geektools whois if you'd like the name, address, email, phone, and fax number of the person behind ShareZilla.

  Thanks to Mark Dionne and Clifford Weinmann for suggesting this topic.

  ---

  Note added 2000-08-03: Kendall Dawson writes to note that the Gnutella community has already mobilized to block ShareZilla's (and others') spam.

  ShareZilla has gotten lots of hits because I believe it has been mentioned on Memepool. If you check out the Gnutella site, they are yanking the original Gnutella client (beta 0.56) released by Justin Frankel & co. over at Nullsoft. Instead they are pushing people to download Gnotella, which has built-in, user-customizable spam filters.

2000-08-01

5:26:21 PM

• A stitch in crime. The LA Times today ran an underplayed commentary on the Napster / peer-to-peer phenomenon in the form of this article on cross-stitching grandmothers who freely trade intellectual property. Cross-stitch patterns, that is. There is no Napster for the needlework set; all the action is in newsgroups and private mailing lists. It's driving the tiny needlepoint industry to distraction.

  Thanks to Robert Franklin for the pointer.

2000-07-30

9:00:29 PM

• Netscape SmartDownload uses Real/NetZip spyware. The surreptitious reporting "feature" of Netscape's SmartDownload, the subject of a lawsuit noted here three weeks ago, continues to unravel. Chris Phoenix sent a pointer to this reportage from NewsBytes indicating that Netscape licensed the spyware technology behind SmartDownload from Real Networks. This is the same spyware, which Real obtained by acquiring NetZip, that earned Real some serious scrutiny last spring. The main source for the NewsBytes report seems to be Steve Gibson's downloaders page, which gives the blow-by-blow. For a more concise summary of exactly what SmartDownload sends to cgi.netscape.com each time you use it, see this investigation carried out earlier by the German magazine TecChannel.