Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PCFriendly DVD Backchannel
From: Olin Sibert <wos () oxford com>
Date: Sat, 2 Mar 2002 00:38:07 -0500

  > From: Matt Curtin <cmcurtin () interhack net>
  > Date: Thu, 28 Feb 2002 17:26:58 -0500
  > To: <bugtraq () securityfocus com>
  > Subject: PCFriendly DVD Backchannel
  ...
  >   Numerous DVD titles from major movie producers between 1996 and 2000
  >   come enabled with ``PCFriendly,'' an application developed by
  >   InterActual Technologies that tracks DVD usage.  The system is
  >   designed to identify users persistently, without using an HTTP
  >   cookie, thus bypassing any privacy-enhancing technologies like
  >   cookie management software or browser configurations.  The
  >   identifying token is persistent through product registration and
  >   PCFriendly use.

It's always seemed to me that one good way to deal with this sort of
problem would be a personal firewall that sat around in the background
and popped up with questions like this:

  Greetings.  It may surprise you to learn that the program XYZ.EXE
  which you are running is attempting to connect to port 80 (http) at
  web3.wespyonyouallthetime.com (198.61.143.20).  Do you want to let it
  do that?  Last time I asked (3 days ago), you selected "Today only".
    Pick one of:  Never
                  Not this time
                  Always
                  Just this Once
                  Just for the next hour
                  Just for today
                  Until XYZ.EXE terminates
    Answer is for:  This host only
                    Any host in wespyonyouallthetime.com
    Action:  Refuse the connection
             Time out
             Pretend to connect, return no data
             Allow the connection, log first 512 bytes

Programs like BlackIce get almost all the way there, except they seem to
be only port-based, not address-based.  To avoid each user having to
make all the choices, one might distribute configuration files with
known unresirable locations already listed.  It might also be possible
for the warning to "score" the warning in some way (e.g., if the program
is not a known browser, it's somewhat more suspicious for it to be
talking to a web server).

Have I missed sme great piece of software that does this already (Linux
or Windows), or is this an unmet need?  

Thanks -- Olin Sibert <wos () oxford com>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]