The rat who wired schools.
Brian Tew reminded me of
a rat trained to run the maze that is a building's infrastructure.
Rattie was pressed into service in 1996 to wire California schools to
the Internet and enjoyed a brief
the limelight from spring 1997 to early 1998. Rattie once had a
Web page and an email address where kids could write to him (or to
his keeper, Dr. Judy Reavis), but the mailbox has gone dark.
Brown Orifice reveals major holes in Java, Netscape.
Dan Brumleve, the perpetrator of the delicately named
Netscape security exploit of nearly two years ago, is at it again.
He has discovered two new ways to make Java misbehave, one residing
in the Java core and the other in Netscape's implementation of Java.
He calls the new vulnerabilities
(playing off the infamous
from the Cult of the Dead Cow). Brumleve writes on the
The first [vulnerability] allows Java to open a server
which can be accessed by arbitrary clients. The second...
allows Java to access arbitrary URLs, including local files.
As a demonstration, I've written Brown Orifice HTTPD for
Netscape Communicator. BOHTTPD is a browser-resident web
server and file-sharing tool that demonstrates these two
problems in Netscape Communicator. BOHTTPD will serve files
from a directory of your choice, and will also act as an
HTTP/FTP proxy server.
Brumleve has verified that the exploit works on Netscape 4.[5-7]
running on Linux and assorted flavors of Windows. He has seen it
work behind a firewall that was doing network address translation,
and also fail with a mysterious message when a browser was
configured to use a proxy.
At the moment the link to Brumleve's download page, where you can get
the Java applet in various forms, is not active.
is the .tar.gz version.
I was unable to experience this security hole firsthand, as my firewall
blocks incoming HTTP requests. If you try out Brown Orifice, please
email me with your experience of it; I will post representative replies
ShareZilla: peer-to-peer spam.
P2P networks such as those implemented by
are a certified Next Big Thing, say the
(But remember where you
read it first.)
With Internet speed, spammers are lining up to reap the harvest
of the new peer-to-peer medium. Thus
ShareZilla, which claims to be able to
intercept every Gnutella search that comes across its network
horizon and reflect an ad back to the person originating the
request. ShareZilla costs $49.95 for the 1.0 software, and $74.95 for
a 6-month subscription (so its spammer customers can keep ahead of the
various GnutellaNets' attempts to block it).
The Net has taken very little notice of ShareZilla as yet. Its homepage
counter says 3283 visitors have arrived there. This
contains only 11 messages at this writing. A
returns only two mentions, one of which is the spam provisioner's home
page itself. Feed "flatplanet.net" to the
if you'd like the name, address, email, phone, and fax number of the person
Thanks to Mark Dionne and Clifford Weinmann for suggesting this topic.
Note added 2000-08-03:
Kendall Dawson writes to note that the Gnutella community has already
mobilized to block ShareZilla's (and others') spam.
ShareZilla has gotten lots of hits because I believe it has been
mentioned on Memepool. If you
check out the Gnutella site,
they are yanking the original Gnutella client (beta 0.56) released
by Justin Frankel & co. over at Nullsoft. Instead they are
pushing people to download Gnotella,
which has built-in, user-customizable spam filters.
Netscape SmartDownload uses Real/NetZip spyware.
The surreptitious reporting "feature" of Netscape's SmartDownload, the subject
of a lawsuit noted here three weeks ago, continues
to unravel. Chris Phoenix sent a pointer to this
from NewsBytes indicating that Netscape licensed the spyware technology behind
SmartDownload from Real Networks. This is the same spyware, which Real obtained
by acquiring NetZip, that earned Real some serious scrutiny
last spring. The main source for the NewsBytes
report seems to be Steve Gibson's
downloaders page, which
gives the blow-by-blow.
For a more concise summary of exactly what SmartDownload sends to cgi.netscape.com
each time you use it, see this
carried out earlier by the German magazine TecChannel.