>>>>> "Bruno" == Bruno Lustosa <bruno (at) lustosa (dot) net [email concealed]> writes:
Bruno> ... whenever someone will launch XMLSpy, the
Bruno> program will try to connect to Altova's servers, send some
Bruno> user info through a POST to a web server, and wait for a
Bruno> response.
<skip>
Bruno> What bothers me is that
Bruno> it's sending user information that was _not_ entered into the
Bruno> program. It sends user name used to register the program, and
Bruno> it also sends an email address that I'm almost sure was not
Bruno> entered into the program. If the machine is not connected to
Bruno> the internet, or its path to altova is firewalled, the
Bruno> program will run with no problems. Of course, being a
Bruno> security professional, I don't like programs opening hidden
Bruno> connections to the outside and sending personal data from
Bruno> users without my (and their) knowledge, so I thought that
Bruno> others here would like to know that.
As an alternative to firewalling one can add a local address for
link.altova.com into %SYSTEMROOT%/system32/drivers/etc/hosts, like so:
127.0.0.1 link.altova.com
I tested this on my system. Here is the data that I received from the
program by running "nc -lp 80":
Bruno> ... whenever someone will launch XMLSpy, the
Bruno> program will try to connect to Altova's servers, send some
Bruno> user info through a POST to a web server, and wait for a
Bruno> response.
<skip>
Bruno> What bothers me is that
Bruno> it's sending user information that was _not_ entered into the
Bruno> program. It sends user name used to register the program, and
Bruno> it also sends an email address that I'm almost sure was not
Bruno> entered into the program. If the machine is not connected to
Bruno> the internet, or its path to altova is firewalled, the
Bruno> program will run with no problems. Of course, being a
Bruno> security professional, I don't like programs opening hidden
Bruno> connections to the outside and sending personal data from
Bruno> users without my (and their) knowledge, so I thought that
Bruno> others here would like to know that.
As an alternative to firewalling one can add a local address for
link.altova.com into %SYSTEMROOT%/system32/drivers/etc/hosts, like so:
127.0.0.1 link.altova.com
I tested this on my system. Here is the data that I received from the
program by running "nc -lp 80":
POST /liveupdate.asp HTTP/1.1
Referer: LicMan
Content-Type: application/x-www-form-urlencoded
User-Agent: AltovaLiveUpdate
Host: link.altova.com
Content-Length: 95
Cache-Control: no-cache
u=XXXXX%20Inc&c=XXXXX%20Inc&e=&v=XMLSpy%205%20rel.%203&k=000000-111111-2
22222-333333-444444&f=l
Bruno> it also sends an email address that I'm almost sure was not
Bruno> entered into the program. If the machine is not connected to
I can confirm the fact of "phoning home", but I could not confirm the
alleged disclosure of private information (e parameter is empty).
Thanks
Greg
[ reply ]