Xref: utzoo comp.org.eff.talk:2289 alt.privacy:507 alt.censorship:2132 Newsgroups: comp.org.eff.talk,alt.privacy,alt.censorship Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!purdon From: purdon@athena.mit.edu (James R. Purdon III) Subject: Re: Prodigy charged with invading users' privacy (was Re: Lifestyle Information ( was Re: Safeway Stores to Accept Charge) Message-ID: <1991May2.153535.6759@athena.mit.edu> Sender: news@athena.mit.edu (News system) Organization: Massachusetts Institute of Technology References: <1991Apr30.185752.4913@mnemosyne.cs.du.edu> <1991May01.024205.13181@ddsw1.MCS.COM> <1991May1.210740.19958@cec1.wustl.edu> Date: Thu, 2 May 91 15:35:35 GMT Lines: 65 In article <1991May1.210740.19958@cec1.wustl.edu> dale@cec2.wustl.edu (Dale Frye) writes: >The proper test should be: > >1: wipe the hard disk clean -- i.e. low level reformat or wipedisk etc. > Note: This should be done to any and all disks, partitions, etc on the > system. (Or remove them) >2: insure all disks are clean!! >3: install test files to look for(if needed). > Do not delete anything. Do not use any disk compressor. > Just copy the files onto the disk. >4: POWER OFF the machine. Wait 10 min. (Yes, 10 MIN!) >5: Turn machine on and verify memory is clear. > Don't do anything except what is listed here. Especially don't go looking > at files. Don't do anything that might bring a file into memory or a disk > buffer. >6: install prodigy >7: run prodigy for a period of time (1 hour or so) >8: NOW check the STAGE.DAT file. I don't think this is necessarily the only valid test. It is a fairly well-known trick to allocate a large file space and write to a single byte at the end of the allocated space (or at the end of each disk block). Most of the systems that I have tried this on don't bother to zero out the allocated space, so that the data which previously occupied the space is still there and can be read. On a multi-user system, this can be considered a security violation, because the data may have belonged to someone else. Of course the presence of "old" data in a file does not necessarily mean it is being read. >An even better test would to be to monitor the data being sent back to Prodigy. This is indeed a better test, but not infallable. If a search is being conducted for specific items (such as the presence of a particular software package), not much needs to be sent back to indicate its presence. Of course, there is always the possibility that the software sends back large amounts of data only when it finds something of interest. Your test situation may fail to provide anything interesting. Lastly, it may be that the software only compromises security when directed to do so. Your test may show nothing because you are not a target. Such are the perils of running "black box" communications software. If the software was distributed as source, which could be compiled by several third-party compilers, users would probably feel more secure. Of course, even source code might contain a cleverly-hidden Trojan, disquised as a normal function. >Dale Frye >Washington University in St. Louis > >P.S. I'm not trying to defend Prodigy. I just hate it when people go off half >cocked. I'm not accusing Prodigy of anything at all. -- Jim Once I was a fetus. Now I am a person. Soon I will be married.