[THIN] Re: SNEAK ATTACK THROUGH A LICENSE AGREEMENT

  • From: "TheThin" <TheThin@xxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 30 Oct 2002 14:49:33 -0500

Just an FYI, they also own friendgreeting.com, so if you're blocking
based on hostname then you need to hit that one, too.  I just sent a
message from that site to myself for testing, and below are some of the
headers and other info that you can look for in filtering software.  I
added the zzz to the domain name to prevent accidental usage.

Bill

Received: from doodle.freeyankee.com (unknown [65.89.168.254])
        by hellmouth5.gatech.edu (Postfix) with ESMTP id A5AD41D19CE
        for <gte273i@xxxxxxxxxxxxxxxx>; Wed, 30 Oct 2002 14:42:53 -0500 (EST)
        (envelope-from finsoft@xxxxxxxxxxxxxx)
Received: from finsoft by doodle.freeyankee.com with local (Exim 3.22 #1 (Debian))
        id 186yjr-0002Og-00
        for <gte273i@xxxxxxxxxxxxxxxx>; Wed, 30 Oct 2002 12:42:51 -0700
X-Mailer: Perl Powered Socket Mailer
Subject: jane, you have an E-Card from joe.

Greetings jane,
joe stopped by our website www.friendgreetings.com
and created a Virtual E-Card just for you! To pick up your
E-Card, simply click on the following link.
http://www.friendgreetingszzz.net/card/oct30-006979217.html
Your E-Card will remain on the server for about one week, so
please print it out or save it as soon as you can.
Sincerely,
WebMaster
www.friendgreetings.com


-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Posted At: Wednesday, October 30, 2002 2:20 PM
Posted To: TheThin
Conversation: [THIN] SNEAK ATTACK THROUGH A LICENSE AGREEMENT
Subject: [THIN] SNEAK ATTACK THROUGH A LICENSE AGREEMENT



From the Windows Magazine Security News Letter Block them now... JK

* SNEAK ATTACK THROUGH A LICENSE AGREEMENT

Have you ever received a Web-based greeting card from a friend or
relative? They're common these days, and they seem to be taken for
granted, in that people trust the intent of someone who might send them
a greeting card. People like to be greeted with kindness, so they're
inclined to look at and read the greeting card. It's one of the
feel-good things that many people simply can't resist.

Have you ever wondered why a company would spend its Internet resources
delivering free greeting cards on behalf of people with whom it conducts
no business otherwise? How does such an entity profit from those
endeavors? What might its motives be?

Last week, a user posted an interesting message to our HowTo for
Security mailing list regarding one company that delivers Web-based
greeting cards. That company, Permissioned Media, runs a Web site called
FriendGreetings.com, which lets one person send another person an
electronic greeting card. The friendly facilitation seems simple and
harmless, but it has a rather insidious side.

When you receive a greeting from FriendGreetings.com, the message says
that someone sent you the greeting and that to read it, you must click a
URL that takes you to the Web site hosting the greeting. When you click
the URL, you're prompted to install an ActiveX control before you view
the greeting. As the greeting-card recipient, you would probably assume
that you must install the ActiveX control to view the greeting; however,
that's not the case. Instead, FriendGreetings.com has designed the
ActiveX control, complete with an End User License Agreement (EULA), to
interact with your mail client software and harvest information about
your email contacts. After the ActiveX control obtains your private
contact list information, it sends a similar greeting card to everyone
in your contact list, probably unbeknownst to you!

If you took time to read the EULA from FriendGreetings.com, you'd
discover that the EULA clearly states Permissioned Media's intention to
do just that. A section of the EULA reads, "As part of the installation
process, Permissioned Media will access your Microsoft Outlook contacts
list and send an e-mail to persons on your contacts list inviting them
to download FriendGreetings or related products." By accepting the EULA
and installing the ActiveX control, you give the company permission to
perform that activity.

In essence, the greeting cards that FriendGreetings.com delivers
resemble many worms that travel the Internet: They're parasitic,
intrusive, devious, elusive, and most of all, probably unwanted. Even
some antivirus vendors issued warnings about the greeting card last
week. However, we can't completely blame FriendGreetings.com for its use
because, although the company counts on most users' acceptance of the
unread EULA, the EULA does spell out some of its intention. By agreeing
to the EULA, users agree to the ActiveX control activity. Nevertheless,
the lesson here should be obvious: When you encounter a EULA, don't take
anything for granted. Read it word for word to understand exactly what
you're accepting and think through what the consequences of acceptance
might be.

Permissioned Media bills itself as a "behavioral marketing network" with
more than 100 clients that advertise online. The company also operates
Cool-Downloads.com. You can read Permissioned Media's EULA at the URL
below. Take note that it grants the company "the right to add additional
features or functions to the version of PerMedia you install, or to add
new applications to PerMedia, at any time." Yikes!
   http://permissionedmedia.com/license.htm

If you've received a greeting card from FriendGreetings.com and
installed the associated ActiveX control, you might want to remove its
software from your system. To find out how, be sure to read the related
news article, "Protect Your Contact List: Read the EULA!" in this
newsletter.
   http://www.secadministrator.com/articles/index.cfm?articleid=27122

And if you're a security administrator for your network, consider
blocking FriendGreetings.com to help ensure that none of your network
users inadvertently compromise private contact information by accepting
a greeting card from that Web site.
***********************************************
Visit Jim Kenzig of thethin.net at the
Emergent Online Booth #26 at Citrix Iforum 2002!
Register now at:
http://www.citrixiforum.com/registerNow.html
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

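Bill's header list and the newsletter's "block the hostname" advice, as one added example that is not code from either message: a Python filter that checks a raw message against the indicators quoted above (the X-Mailer string, the freeyankee.com relay in Received, the finsoft envelope sender, and friendgreetings.com / friendgreeting.com anywhere in the body) plus a hostname check you could drop into a URL filter. The two sample messages, the mail.example.org relay, the example.org addresses and the finsoft@freeyankee.com envelope address are constructed for the example; the zzz domain in Bill's copy is his obfuscation and is deliberately not on the list.

```python
"""Mail-filter and hostname-block checks for the FriendGreetings e-card mailer.

Added example, not code from the original post. Indicator values come from
the headers Bill quoted; the sample messages below are constructed.
"""
import re
from email import message_from_string

# Indicators lifted from the headers quoted in the post.
XMAILER_INDICATOR = "Perl Powered Socket Mailer"
RELAY_HOSTS = {"freeyankee.com"}        # doodle.freeyankee.com relayed the card
ENVELOPE_SENDER = "finsoft"             # local part of the envelope-from
# Both hostnames the thread says to block. The zzz domain is Bill's
# obfuscation, so it is not listed.
CARD_DOMAINS = {"friendgreetings.com", "friendgreeting.com"}

HOSTNAME_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
RECEIVED_HOST_RE = re.compile(r"\b(?:from|by)\s+([a-z0-9.-]+)", re.IGNORECASE)
URL_HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.IGNORECASE)


def host_matches(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def url_is_blocked(url):
    """Hostname-based block suitable for a proxy or URL filter."""
    m = URL_HOST_RE.match(url)
    return bool(m) and host_matches(m.group(1), CARD_DOMAINS)


def indicators(raw_message):
    """Return the names of every indicator found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if XMAILER_INDICATOR.lower() in msg.get("X-Mailer", "").lower():
        hits.append("x-mailer")
    for received in msg.get_all("Received", []):
        hosts = RECEIVED_HOST_RE.findall(received)
        if any(host_matches(h, RELAY_HOSTS) for h in hosts):
            hits.append("received-relay")
            break
    # Postfix records the envelope sender in a comment: (envelope-from user@host)
    if re.search(r"envelope-from\s+%s@" % re.escape(ENVELOPE_SENDER),
                 raw_message, re.IGNORECASE):
        hits.append("envelope-from")
    body = "" if msg.is_multipart() else msg.get_payload()
    if any(host_matches(h, CARD_DOMAINS) for h in HOSTNAME_RE.findall(body)):
        hits.append("card-domain-in-body")
    return hits


def should_block(raw_message):
    """Policy hook: any single indicator is enough to quarantine the message."""
    return bool(indicators(raw_message))


# Constructed sample modelled on the card Bill sent himself.
SAMPLE_CARD = """\
Received: from doodle.freeyankee.com (unknown [65.89.168.254])
        by mail.example.org (Postfix) with ESMTP id A5AD41D19CE
        for <jane@example.org>; Wed, 30 Oct 2002 14:42:53 -0500 (EST)
        (envelope-from finsoft@freeyankee.com)
Received: from finsoft by doodle.freeyankee.com with local (Exim 3.22 #1 (Debian))
        id 186yjr-0002Og-00
        for <jane@example.org>; Wed, 30 Oct 2002 12:42:51 -0700
X-Mailer: Perl Powered Socket Mailer
From: finsoft@freeyankee.com
To: jane@example.org
Subject: jane, you have an E-Card from joe.

Greetings jane,
joe stopped by our website www.friendgreetings.com
and created a Virtual E-Card just for you! To pick up your
E-Card, simply click on the following link.
http://www.friendgreetings.com/card/oct30-006979217.html
"""

# Constructed benign message that should pass untouched.
SAMPLE_BENIGN = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
        by mail.example.org (Postfix) with ESMTP id 0123456789
        for <jane@example.org>; Wed, 30 Oct 2002 09:00:00 -0500 (EST)
X-Mailer: Microsoft Outlook Express
From: joe@example.com
To: jane@example.org
Subject: lunch

Want to grab lunch at noon? The menu is at http://www.example.com/menu.html
"""

if __name__ == "__main__":
    print("card:", indicators(SAMPLE_CARD), "block:", should_block(SAMPLE_CARD))
    print("benign:", indicators(SAMPLE_BENIGN), "block:", should_block(SAMPLE_BENIGN))
```

The relay and envelope checks are the ones that keep working if the company changes the link domain again, which is why they are scored separately from the body-domain match; the hostname check uses a trailing-dot suffix match so friendgreetings.com and its subdomains are caught but a lookalike such as notfriendgreetings.com is not.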