Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!convex!swarren
From: swarren@convex.com (Steve Warren)
Newsgroups: comp.sys.amiga.misc
Subject: Re: Anyone using prodigy with an AMIGA?
Message-ID: <1991May02.160135.20734@convex.com>
Date: 2 May 91 16:01:35 GMT
References: <1579@tronsbox.xei.com> <+W6B79@irie.ais.org> <1991May2.151223.19343@cbnewse.att.com>
Sender: usenet@convex.com (news access account)
Distribution: na
Organization: Convex Computer Corporation, Richardson, Tx.
Lines: 188
Nntp-Posting-Host: neptune.convex.com

In article <1991May2.151223.19343@cbnewse.att.com> cwpjr@cbnewse.att.com (clyde.w.jr.phillips) writes:
>In article <+W6B79@irie.ais.org>, jph@ais.org (Joseph Hillenburg) writes:
>> In article <1579@tronsbox.xei.com> dfrancis@tronsbox.xei.com (Dennis Heffernan) writes:
>>>
>>> RE Prodigy
>>>
>>> There's a class action suit originating in California against Prodigy-
>>>a number of people claim that the Prodigy software glomms files off of their
>>>hard drives, puts them in a file called STUFF.DAT and uploads it to Prodigy.
>>>People examining their STUFF.DAT files claim to have found copies of source
>>>code they've been working on, or even personal or government information from
>>>their HD's.
[...]
>Since this is .misc post it here. I'm very interested.
>
>Prodigy is definitely a "personal data collector" as I'll explain below
>but I didn't know it was a data "stealer". YES! Nail the Puppy to the WALL!
>
>Essentially Prodigy has enough MIPS behind it to collect and analyse
>all your keystrokes while you are logged on. It analyses what groups
>you read, how often, what services you sign up for and what you purchase
>from the groups/services.
[...]

Well, if the stuff in this file is true, they are the lowest form of life
in the universe. They are nothing less than electronic peeping Toms.
I *spit* on them! Pthuiough! ;^)

If this file is the truth, then I suspect that the reason they haven't ported
Prodigy is because the security cracking part of the software is so
machine-specific. Although actually the way they've done this is so stupid, I
can't believe they would actually drop their drawers in public like this.
Haven't they ever heard of encryption?

Begin included file:

|| | Subject: Beware Prodigy. No joke.
|| |
|| | Date: Wed May 01 07:51:18 PDT 1991
|| |
|| | The email string below explains how Prodigy examines and uploads
|| | personal info from your hard disk during a session. Very scary. Makes
|| | you rethink using Prodigy for business work.
||
|| | >From bradt Tue Apr 30 16:55:06 1991
|| | | From hollyba Tue Apr 30 15:53:04 1991
|| | | From franck Tue Apr 30 14:50:29 1991
|| | |
|| | | Newsgroups: comp.risks
|| | | Subject: RISKS DIGEST 11.56
|| | |
|| | | RISKS-LIST: RISKS-FORUM Digest Monday 29 April 1991
|| | | Volume 11 : Issue 56
|| | |
|| | | Prodigy: More of a Prodigy Than We Think?
|| | | By: Linda Houser Rohbough
|| | |
|| | | The stigma that haunts child prodigies is that they are
|| | | difficult to get along with, mischievous and occasionally, just
|| | | flat dangerous, using innocence to trick us. I wonder if that
|| | | label fits Prodigy, Sears and IBM's telecommunications network?
|| | |
|| | | Those of you who read my December article know that I was
|| | | tipped off at COMDEX to look at a Prodigy file, created when
|| | | Prodigy is loaded, STAGE.DAT. I was told I would find in that
|| | | file personal information from my hard disk unrelated to Prodigy.
|| | | As you know, I did find copies of the source code to our product
|| | | FastTrack, in STAGE.DAT. The fact that they were there at all
|| | | gave me the same feeling of violation as the last time my home
|| | | was broken into by burglars.
|| | |
||
|| | | I invited you to look at your own STAGE.DAT file, if you're
|| | | a Prodigy user, and see if you found anything suspect. Since
|| | | then I have had numerous calls with reports of similar finds,
|| | | everything from private patient medical information to classified
|| | | government information.
|| | |
||
|| | | The danger is Prodigy is uploading STAGE.DAT and taking a
|| | | look at your private business. Why? My guess is marketing
|| | | research, which is expensive through legitimate channels, and
|| | | unwelcomed by you and I. The question now is: Is it on purpose,
|| | | or a mistake? One caller theorizes that it is a bug. He looked
|| | | at STAGE.DAT with a piece of software he wrote to look at the
|| | | physical location of data on the hard disk, and found that his
|| | | STAGE.DAT file allocated 950,272 bytes of disk space for storage.
|| | |
||
|| | | Prodigy stored information about the sections viewed
|| | | frequently and the data needed to draw those screens in STAGE.DAT.
|| | | Service would be faster with information stored on the PC rather
|| | | than the same information being downloaded from Prodigy each time.
|| | |
||
|| | | That's a viable theory because ASCII evidence of those
|| | | screen shots can be found in STAGE.DAT, along with AUTOEXEC.BAT
|| | | and path information. I am led to believe that the path and
|| | | system configuration (in RAM) are diddled with and then restored
|| | | to previous settings upon exit. So the theory goes, in allocating
|| | | that disk space, Prodigy accidentally includes data left after an
|| | | erasure (As you know, DOS does not wipe clean the space that
|| | | deleted files took on the hard disk, but merely marked the space
|| | | as vacant in the File Allocation Table.)
|| | |
||
|| | | There are a couple of problems with this theory. One is
|| | | that it assumes that the space was all allocated at once, meaning
|| | | all 950,272 bytes were absorbed at one time. That simply isn't
|| | | true. My STAGE.DAT was 250,000+ bytes after the first time I
|| | | used Prodigy. The second assumption is that Prodigy didn't want
|| | | the personal information; it was getting it accidentally in
|| | | uploading and downloading to and from STAGE.DAT. The E-mail
|| | | controversy with Prodigy throws doubt upon that. The E-mail
|| | | controversy started because people were finding mail they sent
|| | | with comments about Prodigy or the E-mail, especially negative
|| | | ones, didn't ever arrive. Now Prodigy is saying they don't
|| | | actually read the mail, they just have the computer scan it for
|| | | key terms, and delete those messages because they are responsible
|| | | for what happens on Prodigy.
|| | |
||
|| | | I received a call from someone from another user group who
|| | | read our newsletter and is very involved in telecommunications.
|| | | He installed and ran Prodigy on a freshly formatted 3.5 inch
|| | | 1.44 meg disk. Sure enough, upon checking STAGE.DAT he discovered
|| | | personal data from his hard disk that could not have been left
|| | | there after an erasure. He had a very difficult time trying to
|| | | get someone at Prodigy to talk to about this.
|| | |
||
|| | | --------------
|| | |
|| | | Excerpt of email on the above subject:
|| | |
|| | | THERE'S A FILE ON THIS BOARD CALLED 'FRAUDIGY.ZIP' THAT I SUGGEST
|| | | ALL WHO USE THE PRODIGY SERVICE TAKE ***VERY*** SERIOUSLY. THE
|| | | FILE DESCRIBES HOW THE PRODIGY SERVICE SEEMS TO SCAN YOUR HARD
|| | | DRIVE FOR PERSONAL INFORMATION, DUMPS IT INTO A FILE IN THE PRODIGY
|| | | SUB-DIRECTORY CALLED 'STAGE.DAT' AND WHILE YOU'RE WAITING AND
|| | | WAITING FOR THAT NEXT MENU COME UP, THEY'RE UPLOADING YOUR STUFF
|| | | AND LOOKING AT IT.
|| | |
|| | | TODAY I WAS IN BABBAGES'S, ECHELON TALKING TO TIM WHEN A
|| | | GENTLEMAN WALKED IN, HEARD OUR DISCUSSION, AND PIPED IN THAT HE
|| | | WAS A COLUMNIST ON PRODIGY. HE SAID THAT THE INFO FOUND IN
|| | | 'FRAUDIGY.ZIP' WAS INDEED TRUE AND THAT IF YOU READ YOUR ON-LINE
|| | | AGREEMENT CLOSELY, IT SAYS THAT YOU SIGN ALL RIGHTS TO YOUR
|| | | COMPUTER AND ITS CONTENTS TO PRODIGY, IBM & SEARS WHEN YOU AGREE
|| | | TO THE SERVICE.
|| | |
|| | | I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN
|| | | 'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD
|| | | DRIVE PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY
|| | | VERSION, UPON INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE
|| | | FILE 'STAGE.DAT' CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE
|| | | CONTAINED IN MY 'C:' DRIVE BOOT DIRECTORY. USING THE HARD DRIVE
|| | | DIRECTORY OF PRODIGY THAT WAS SET UP, I PROCEEDED TO LOG ON. I
|| | | LOGGED ON, CONSENTED TO THE AGREEMENT, AND LOGGED OFF. REMEMBER,
|| | | THIS WAS A VIRGIN SETUP KIT.
|| | |
|| | | AFTER LOGGING OFF I LOOKED AT 'STAGE.DAT' AND 'CACHE.DAT'
|| | | FOUND IN THE PRODIGY SUBDIRECTORY. IN THOSE FILES, I FOUND
|| | | POINTERS TO PERSONAL NOTES THAT WERE BURIED THREE SUB-DIRECTORIES
|| | | DOWN ON MY DRIVE, AND AT THE END OF 'STAGE.DAT' WAS AN EXACT
|| | | IMAGE COPY OF MY PC-DESKTOP APPOINTMENTS CALENDAR.
|| | |
|| | | CHECK IT OUT FOR YOURSELF.
|| | |
|| | | ### END OF BBS FILE ###
|| | |
|| | | I had my lawyer check his STAGE.DAT file and he found none other
|| | | than CONFIDENTIAL CLIENT INFO in it.
|| | |
|| | | Needless to say he is no longer a Prodigy user.
|| | |
|| | |
|| | | Mark A. Emanuele V.P. Engineering Overleaf, Inc.
|| | | 218 Summit Ave Fords, NJ 08863 (908) 738-8486
|| | | emanuele@overlf.UUCP
|| |
||
|| |
            _.
--Steve   ._||__      DISCLAIMER: All opinions are my own.
  Warren   v\ *|     ----------------------------------------------
             V       {uunet,sun}!convex!swarren; swarren@convex.com
--
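
Added example, not part of the original post or of any Prodigy or DOS code: a toy Python model of the "bug" theory in the included article, where deleting a file only marks its clusters vacant in the allocation table, so a file that is later preallocated over those clusters without being written reads back the old contents. The class `ToyFatVolume`, the 16-byte cluster size, the file name `NOTES.TXT` and the sample text are all constructed for illustration; `zero_fill=True` shows the scrub-on-allocate mitigation.

```python
CLUSTER = 16  # bytes per cluster; tiny on purpose (assumed value, not a DOS constant)

class ToyFatVolume:
    """Constructed model of a FAT-style volume; not real DOS behaviour in detail."""
    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)  # raw disk surface
        self.free = list(range(clusters))          # vacant cluster numbers
        self.files = {}                            # name -> (cluster chain, size)

    def _allocate(self, count, zero_fill):
        if count > len(self.free):
            raise OSError("volume full")
        chain, self.free = self.free[:count], self.free[count:]
        if zero_fill:  # mitigation: scrub clusters before handing them out
            for c in chain:
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
        return chain

    def write_file(self, name, content):
        chain = self._allocate(-(-len(content) // CLUSTER), zero_fill=False)
        for i, c in enumerate(chain):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.files[name] = (chain, len(content))

    def delete(self, name):
        chain, _ = self.files.pop(name)
        self.free = sorted(self.free + chain)  # table entry only; data untouched

    def preallocate(self, name, size, zero_fill=False):
        # Reserve space for a cache file without writing anything into it.
        chain = self._allocate(-(-size // CLUSTER), zero_fill)
        self.files[name] = (chain, size)

    def read(self, name):
        chain, size = self.files[name]
        raw = b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER]) for c in chain)
        return raw[:size]

def demo(zero_fill):
    vol = ToyFatVolume(clusters=8)
    vol.write_file("NOTES.TXT", b"CONFIDENTIAL client list: A, B, C")  # constructed sample
    vol.delete("NOTES.TXT")
    vol.preallocate("STAGE.DAT", 64, zero_fill=zero_fill)
    return vol.read("STAGE.DAT")

if __name__ == "__main__":
    print(demo(zero_fill=False))  # residue of the deleted file shows up
    print(demo(zero_fill=True))   # scrubbed allocation returns only zero bytes
```

The model covers only the erasure-residue explanation; the floppy-disk reports in the article describe data that, per their authors, could not have arrived this way.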