RE: KaZaA

From: Christopher Wagner (chriswat_private)
Date: Fri Oct 18 2002 - 10:44:03 PDT

Next message: Sylvia Else: "RE: J2EE EJB privacy leak and DOS."

Previous message: Jonathan A. Zdziarski: "Chrooting Daemons and System Processes HOWTO"
Next in thread: Brenna Primrose: "RE: KaZaA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

These ads are most likely "safe" as far as trojans go, depending on your
definition of trojan.  Most of them, however, use ad tracking and
"phone-home" to the originating company.  Many will install cookies and some
will even install other pop-up software on your computer without your
knowledge to pop-up ads based on the content of other sites you visit.

For instance, some pop-up programs will see you going to
"www.competitorswebsite.com" and replace in-line content with content of
their choice or pop-up ads for their site.  Pop-up ads are becoming VERY
intrusive to the end-users' computer.

I recommend not using KaZaA, or getting the "ad-free" version (KaZaA Gold I
think?) of their software.  In addition, I use Lavasoft's Ad-Aware to scan
my system for spy-ware/ad-ware on my computer and remove it.  Bear in mind,
many programs that incorporate ad-ware will NOT function without their
ad-ware, KaZaA is one of them.  Ad-Aware is available for download at their
website www.lavasoftusa.com.

I choose to use other file-sharing programs that do not incorporate
ad-ware/spy-ware in their products.  WinMX (www.winmx.com) or Gnucleus
(www.gnucleus.net), for example.  If you still wish to use KaZaA, you run
the risk of getting "spammed" even when you're not running KaZaA and having
your web content unknowingly altered.  I wish I could remember some
reference sites to give you, but I can't remember any off the top of my
head.  I hope this helps.

- Christopher Wagner
chriswat_private

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116


-----Original Message-----
From: David Krum [mailto:frobnitzat_private]
Sent: Friday, October 18, 2002 9:34 AM
To: bugtraqat_private
Subject: KaZaA


I'm concerned about all the applications which utilize ie browser controls.
There are a lot of adware programs with little ads.  Some of these ads have
activex, java, flash, js.  Any one of these capabilities in the wrong zone
could be dangerous.

My attention was first drawn to this when I noticed KaZaA launching popups
sourced from the local hard disk.  Surely these ads are running in the local
zone.  To use software that does this I have to trust them to audit the ads
given to them?

_________________________________________________________________
Broadband? Dial-up? Get reliable MSN Internet Access.
http://resourcecenter.msn.com/access/plans/default.asp


SPAM: ---- Start SpamAssassin results
SPAM: 0 hits, 5 required;
SPAM:
SPAM: ---- End of SpamAssassin results

Next message: Sylvia Else: "RE: J2EE EJB privacy leak and DOS."
Previous message: Jonathan A. Zdziarski: "Chrooting Daemons and System Processes HOWTO"
Next in thread: Brenna Primrose: "RE: KaZaA"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 18:09:33 PDT