RE: SECURITY ALERT: Link hijacking

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Tue Jan 29 2002 - 13:38:47 MST


> And it didn't actually take you to sites you didn't
> want to go to (as he continually claimed but failed to
> actually demonstrate). It DID give you choices in
> addition to (not instead of) what the designer of the
> site gave you. Ones the designer didn't intend. It
> wasn't "link hijacking"... no links were redirected,
> just new ones created and additional choices added to
> existing links.

I humbly disagree. A link is supposed to do what the HTML says to do. If I
put a link on my website to bring up my resume, that is what I want it to
do. If it brings up an ad for monster.com or lists other resumes that you
ought to look at instead of mine, I would call that link hijacking. I am
the author of the link, and instead of bringing up my intended content, this
software inserts some other content.

> Once I saw what TopText was, I didn't want it and I
> had no problem at all uninstalling it.
> And THAT is how it should be... if a program isn't
> useful to me, I simply don't use it. TopText and
> other similar programs do not add any functionality
> that I want. I do NOT, however, think that it is an
> inherently unethical program... just a useless one.

Wasn't it unethical for it to install itself without your knowledge? You
shouldn't have software sneak on your computer that you don't know about.
You shouldn't have to uninstall software that you never wanted in the first
place. If I snuck into your house at night and installed software I had
written, you would probably have me arrested.

I have no problems with the functionality of this product if somebody wants
this service. I do have problems with products that hide what they do. I
call that fraud. I have problems with products that purport to install one
thing, but are really intended to install something else. That's called a
trojan horse. I also have problems to software that piggybacks onto other
software you run and then secretly installs itself to your computer and
quietly remains even after the original software is deleted. That's called
a virus. If a hacker wrote a program to do these things, they would be
arrested and put in jail for it.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>


This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 13:37:37 MST