New Spyware CSLID

Discussion in 'SpywareBlaster & Other Forum' started by 2mcabre, May 22, 2003.

Thread Status:
Not open for further replies.
  1. 2mcabre

    2mcabre Registered Member

    Joined:
    May 20, 2003
    Posts:
    5
    Location:
    Milwaukee, WI USA
    While true some think I am overly paranoid. I truly believe that we are being setup for the ultimate in spyware intrusion.

    Think about it. What control/ software plug-in is most commonly installed on every computer?

    Macromedia Shockwave and Flash Player.

    Here's the problem.

    [hr]

    Flash Player has the ability to allow outside websites to use their own software to gain access to your webcams and your microphones. You are not informed of this prior to flash player being installed (or in most cases automatically updated…)

    And even though since I have been pestering macromedia to cough up a solid statement concerning "Exploitability" they have refused to make an official statement, BUT have made it easier to find the settings instruction page, and have made a point to clarify on the TOS and EULA that Macromedia is in no way responsible for what 3rd parties do with their software (sounds like an admission of "exploitability" to me), they have also linked to separate uninstallers for both shockwave and flash players.

    [hr]

    Anyway, the "Potential" of exploitability is too high for this to not be considered spyware. Think about it. Sooner or later advertisers are going to figure out that we don't want ads, spam or pop-ups. So now what do they do?

    Easy, exploit the Flash player control so that they can actually look into our lives and hear what we say and/ or how we react to a specific site.

    Worse case scenario is that the XXX folks figure out how to exploit this so that they can "Really" peek into our private lives. Who knows? One day one of you may find yourself staring in the next "Amateur" adult video on-line at Dirty Dans!

    :eek:

    [hr]

    OK Im done ranting. If even for ***** and giggles you can include an installation block for this.

    The clsid for this annoyance is…

    D27CDB6E-AE6D-11cf-96B8-444553540000

    http://www.macabre.cnchost.com/mm.jpg


    And even though MM says they are not responsible for the downloaded content it's awful funny how the codebase comes from their own site…

    <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="740" height="165">

    All I know is I am sick and tired of getting stuck up on websites that are downloading this in the background, holding up the site and wasting my time, as I refuse to use any MM products till they publicly claim that this feature cannot be "exploited".

    :rolleyes: But you know they wont, they are counting on it to grow their sales of director tools etc. :eek:

    [hr]
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi 2mcabre,

    LOL :D LOL :D

    Very funny and interesting to read!! Yeah, indeed your prophecy could be right. Never thought about that before...

    By the way why are you so well informed about snipped - we are not in the habit of discussing personal issues here - Forum Admin :D LOL

    Regards,

    Patrice
     
  3. 2mcabre

    2mcabre Registered Member

    Joined:
    May 20, 2003
    Posts:
    5
    Location:
    Milwaukee, WI USA
    Hey yourself Patrice http://www.macabre.cnchost.com/icons/rofl.gif

    Not having any actual firsthand knowledge of what you speak of "personally" I did used to host several such sites.

    I assure you I have no "snipped" :D affair with my computer or my webcam http://www.macabre.cnchost.com/icons/stooge.gif

    Just know that the folks that run that sort of stuff will do anything for a buck.

    All joking aside, I was checking out how the clsids are used to block by spyware blaster just in case I need to make my own.
     
  4. LonnyRJones

    LonnyRJones Spyware Expert

    Joined:
    Apr 3, 2003
    Posts:
    61
    2mcabre

    ============
    All I know is I am sick and tired of getting stuck up on websites that are downloading this in the background, holding up the site and wasting my time, as I refuse to use any MM products till they publicly claim that this feature cannot be "exploited".
    ============
    macromedia came out with an update, I forget the details, in march
    something to do with its services being misused..
    Heck I had one that lept appearing on MSN's home page. till
    I added it to my popupBlockers list.before and shortly after they had updated,, no info was provided on how to go about the update
    the plugin wouldn update so I uninstalled all and went durectly to there site...

    You sound like you know how to disable both macromedia and site promting to install , so why havent you ?
    http://www.techspot.com/vb/showthread.php?s=f5ec43adcd4c82975911148e70dafd03&threadid=1644

    Regards
    Lonny
     
Loading...
Thread Status:
Not open for further replies.