[LINK] Acrobat phone home?

Howard Lowndes lannet at lannet.com.au
Fri Feb 6 12:46:33 EST 2004


On Fri, 2004-02-06 at 10:57, David Lochrin wrote:
> At 08:06 06-02-2004 +1000, Chirgwin, Richard wrote:
> >When the process is trying to make its once-a-minute outbound connections,
> >which I am refusing, it increments the port number to try again. This is, I
> >guess, a straightforward behaviour: Acrobat's developers have assumed that
> >the reader is going to run into corporate firewalls with tight security
> >policies, so it steps through the port list looking for one that's open.
> >
> >Which, to me, fits under the heading "worse and worse". If a company (or an
> >individual) is setting up a security policy, then for a software developer
> >to try and circumvent that policy is irresponsible. Culpable, even.
> 
>    As Linkers know "phoning home" and similar spyware is one of my hot buttons.  But in this case it probably doesn't go quite as far as circumventing firewalls, which I agree could be a criminal offence.
> 
>    Four variables define a particular TCP (or UDP) connection:  source and destination IP address and source and destination port.  When an application attempts to re-initiate an outbound connection to a particular server application on a particular system, both IP addresses and the destination port are fixed, so the source port is incremented to maintain unique identification of each attempt.  Normally, a response to an attempt which is not the last one is ignored.
> 

The fact is that the client is establishing the outbound connection
because of an inadequate firewalling policy.  Once the TCP socket has
been established between the client and wherever out there, it can be a
two way conduit and can just as easily be used to download malware onto
the client as it can be used to send data/files from the client out to
the Internet.

It just plain "Shouldn't happen".  No "ifs", no "buts".  No application
on a client has the right to surreptitiously phone home, or anywhere
else for that matter.


>    By the time the outgoing port wraps around, sufficient time has elapsed to ensure that the previous attempt on that port is well and truly lost.
> 
>    There is an alternative to Acrobat Reader, namely Ghostscript from Ghostgum Software in Glen Waverley, Victoria - http://www.ghostgum.com.au/   It reads PDF files, but is one of the few software products which will handle Adobe PostScript, commonly used in academia, and it's mainly used for that I think.
> 
>    Alternatively, you could stick with an earlier version.  Why did you need to upgrade?
> 
> ADL
> 
> ____________________________
> David Lochrin
> +61 2 9363 1094
> For PGP public key,  send mail
> to:  pgp-public-keys at keys.pgp.net
> subject:  GET David Lochrin
-- 
Howard.
LANNet Computing Associates - Your Linux people <http://www.lannetlinux.com>
------------------------------------------
Flatter government, not fatter government - Get rid of the Australian states.
------------------------------------------
To mess up a Linux box, you need to work at it;
to mess up your Windows box, you just need to work on it.
 - Scott Granneman, SecurityFocus
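
The question debated in this thread, whether the source port or the destination port changes between refused attempts, can be answered from firewall deny logs. The following is an added example, not part of the original posts; the log line format, the sample addresses (documentation ranges) and the `classify` helper are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall deny lines (not taken from the thread).
SAMPLE_LOG = """\
2004-02-06T10:00:01 DENY TCP 192.0.2.10:1045 -> 198.51.100.7:80
2004-02-06T10:01:01 DENY TCP 192.0.2.10:1046 -> 198.51.100.7:80
2004-02-06T10:02:01 DENY TCP 192.0.2.10:1047 -> 198.51.100.7:80
2004-02-06T10:00:05 DENY TCP 192.0.2.22:2001 -> 203.0.113.9:80
2004-02-06T10:01:05 DENY TCP 192.0.2.22:2002 -> 203.0.113.9:81
2004-02-06T10:02:05 DENY TCP 192.0.2.22:2003 -> 203.0.113.9:82
"""

# Assumed line format: <timestamp> DENY <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(r"^(\S+) DENY (TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def classify(log_text, min_attempts=3):
    """Group denied attempts by (proto, src IP, dst IP) and report which port varies."""
    flows = defaultdict(lambda: {"sports": [], "dports": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        _, proto, src, sport, dst, dport = m.groups()
        flows[(proto, src, dst)]["sports"].append(int(sport))
        flows[(proto, src, dst)]["dports"].append(int(dport))
    verdicts = {}
    for key, f in flows.items():
        if len(f["sports"]) < min_attempts:
            verdicts[key] = "too-few-attempts"
        elif len(set(f["dports"])) == 1:
            # Destination fixed, only the ephemeral source port moves:
            # an ordinary retry to the same service.
            verdicts[key] = "source-port-retry"
        else:
            # Destination port differs between attempts: the client is
            # trying other ports on the same server.
            verdicts[key] = "destination-port-walk"
    return verdicts

if __name__ == "__main__":
    for (proto, src, dst), verdict in sorted(classify(SAMPLE_LOG).items()):
        print(f"{proto} {src} -> {dst}: {verdict}")
```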


