[20108] in bugtraq


Re: Reporting a public security threat Eyeis_unrevealed.txt

daemon@ATHENA.MIT.EDU (Matt Scarborough)
Mon Apr 9 14:55:36 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-ID:  <20010409102801.28833.qmail@aw161.netaddress.usa.net>
Date:         Mon, 9 Apr 2001 06:28:01 EDT
Reply-To: Matt Scarborough <vexversa@USA.NET>
From: Matt Scarborough <vexversa@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

On Sat, 7 Apr 2001 15:56:59 -0700, Tim Hason <tim@AIDASYSTEMS.COM> wrote:

>EyeIS security tool unrevealed. Good example of Distributed
>Exploitation of common Vulnerabilities, employing a backdoor
>in what's supposedly called a "Security Paranoid Tool" Snoop on
>them like they snoop on you!

All over the site before downloading this 5MB tool <wow!> to test for the
Unicode Bug are warnings like this:

LEGAL NOTICE !!!

For the soul purpose of monitoring eyeIS for illegal use due to its nature, we
may log your IP address while using eyeIS.

For the soul purpose of monitoring eyeIS for illegal use due to its nature, we
are logging all activity inside this page by entering you are agreeing that
you understand this and we have your permission to log your IP address.
Anything done inside or on linked pages especially the download of the program
will be monitored.

A visitor must press

ACCEPT --- DECLINE

to download the tool.

>Someone's in trouble :)
>
>The logs we found (at the time of writing) are located at the following
>locations:

http://www.dforce.nl/~noid/scripts/log.txt
contained my IP address and Netscape User-Agent string. I didn't download the
tool and I'm not running IIS. I don't feel particularly vulnerable to the
Unicode Bug because they logged my site visit.

That's not to say the toolmaker or site-owner has the best laid logging
scheme. But as of today at least they were warning visitors right up front
that IP addresses are logged during site visits and tool uses.

Gotta read those disclaimers.

Matt 2001-04-09
