November 2006 Archives
Ah, digg. You came around some time ago, right as "Web 2.0" was getting really big. Throw in the "show/hide" comment javascript magic and you were a perfect fit for web 2.0 and AJAX (which you really are not, despite the fancy "show/hide" comment javascript... oh right, 2001 tricks).
Let's review a recent "digg": "World of Warcraft scans player's Internet Explorer browsing history".
GASP! A GAME! SCANNING MY HISTORY! INVASION OF PRIVACY AND I'M GOING TO BOYCOTT AND SUE!
For the linked picture, aka "proof" to all of you digg users, go here. For those of you who don't care to click (I'd be one of them in your shoes, I am rather boring), it's a screenshot of one of the best Windows programs of all time: Process Explorer. The screenshot shows a running copy of World of Warcraft (WoW.exe) and lists every file opened by WoW.exe. Semi-surprisingly, the list includes the poster's Internet Explorer history: C:\Document and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat. Yup, that's the history all right.
For those of you who don't know, and I'd assume that number to be many, World of Warcraft employs a nice little thing called "The Warden." The Warden is WoW's anti-cheat. But, not really. That's yet another misconception. The Warden runs every 10 or 15 seconds, searches out every running process, takes a hash of the process name, and compares it against a list of "known bad" (read: botting, hacking, etc.) programs. Yup, that's it. Compared to things like PunkBuster, the Warden is amazingly tame. It does basically nothing.
But never underestimate the power of stupidity, especially when it numbers in the seven million users range. Their anti-cheat has been accused of sending Social Security numbers, bank account numbers and PINs, e-mail addresses, and other "private information that I don't want Blizzard to have." None of this is true, of course, but again: stupidity comes with numbers. Will said anti-cheat read your Quicken title bar and grab your bank account number? Sure will. Will it send it off to Blizzard? Nope. Remember: it hashes the process name and then compares that hash to a list of known botting programs.
Average digg.com user: "So why in the world," (no pun intended) "is this game reading my history? I know you have an anti-cheat, and I know that it's rather invasive: BLIZZARD IS SCANNING MY WEB BROWSING ACTIVITY AND SENDING IT ALL BACK TO THE MOTHERSHIP!" Word for word? No. But do read the comments to the above link, and you'll find several people stating that.
The screenshot proves that WoW.exe can read your history. Nothing more. It does not prove anything more than that, period. "But the screenshot..! The open files!" In the words of the digg.com post:
"The linked screenshot provides proof that WoW developer Blizzard is actively scanning players' browsing history and cookies. Early speculation is that this is a countermeasure against cheaters, but players are arguing that Blizzard has no right to access this highly private data."
Hate to disappoint you, diggers: WoW uses Internet Explorer as part of the in-game engine. No wonder it has access to the history, it's using the browser! No joke? No joke, and no kidding. Want some proof? Here you go. Some more? More proof for you! One last bit? Sure! Even more proof? Here's the HTTP header that the launcher sends: "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)". Check that stuff out. Blizzard has a reason to be in your history! Even though they aren't. Shock.
"But the second link you gave there is just the launcher which runs before you start the game, and the last one is just a blank page!" Yeah, you got me there. That's because there aren't any alerts at the time of posting. And further, it's the "alerts" that are displayed in game when you log in. Seriously. You know - that box you see sometimes when you log in, that reads: "These realms are down/will be down! Enjoy your stay in WoW, and we're deeply sorry." Yup, that's a webpage, and yup, WoW.exe uses Internet Explorer to render it.
Which brings me to my (*ahem*) point. Digg users are lemmings. Here I thought the Slashdot moderation system encouraged "group think", but that's capped from -1 to +5. Digg is probably capped to 2^32, allowing for stupidity and group think to the scale of 4294967296. Because one person posted a screenshot and said, "here, proof that they WATCH ALL OF YOUR BROWSING HABITS," several hundred people hopped on the bandwagon of "lemming," walked on over to the World of Warcraft forums, and began spamming. They don't know any better: they're just another lemming.
Digg, while "cool," "popular," "web 2.0-ie," and "high traffic," has also become a synonym for "sheer and utter stupidity on a grand scale." It has one or two cool or funny links every so often, but the huge majority of anything on there is just sheer stupidity. Do I care about some guy's experience at a Taco Bell? Or a list of proxies? Maybe a really annoying, incredibly simple game? An idiot suing Amazon?
I believe a very good (not) description of the site is the one found if you google "digg": "Technology focused news site where the stories are chosen by community members rather than editors."
Lemmings, I tell you.
About two weeks ago, my sister was hit by an IM worm. "hey - i've got pictures of the group" from a good friend. Clickey clickey, bam, trojan'd. This happened relatively late at night, so the following evening she came down and asked me to fix it. A recap of what I found:
- Eight programs that phone home, download binaries, and run them
- Seven trojans/backdoors
- Eleven random viruses
- One spambot
Note the italics.
As I was cleaning the system out (before I knew of the spambot), I noticed the wireless connection was in heavy use. I didn't think too much about it, as it had several viruses on it then, but I also needed the networking in order to properly clean the system. It wasn't until I tried Trend Micro's Housecall service that I really looked into the networking problem, and noticed four packets sent for every one received.
Oops.
I grabbed a laptop, fired up an SSH session to my router, and then started the tcpdump. I must admit, while I hate spam, it was sending a seriously impressive volume of spam per minute. I reset tcpdump to only output data headed to :25/tcp remote, and it was connecting to a good fifty different servers per minute. Fifty different servers per minute. That's a ton of spam, and it was all going over my home cable connection.
I decided I had better fix that little problem quickly, and that meant an iptables rule. Behold the results:
 pkts bytes target     prot opt in     out     source               destination
 5488  263K DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:25
5488 different connection attempts in a matter of minutes. That's a lot of spam.
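The tcpdump check and the resulting block from this post, as an added example (not the author's own commands): it counts distinct remote 25/tcp servers per LAN host per minute and prints a per-host DROP rule for review. The sample capture lines, the threshold, the FORWARD chain and a LAN-side capture point are assumptions.

```shell
#!/bin/sh
# Added example: flag LAN hosts whose outbound SMTP fan-out looks like a spambot.
# Input: `tcpdump -nn` text lines on stdin, captured on the LAN side of the router.
# Assumptions: modern tcpdump line format, WAN interface eth0, FORWARD chain.

# Print "minute host distinct_servers" for each host that sent SYNs to at
# least $1 different remote servers on 25/tcp within one clock minute.
smtp_fanout() {
    awk -v limit="${1:-5}" '
    $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
        src = $3; dst = $5
        sub(/:$/, "", dst)                     # strip trailing colon
        n = split(dst, d, /\./)
        if (n != 5 || d[5] != "25") next       # IPv4 to port 25 only
        sub(/\.[0-9]+$/, "", src)              # drop source port
        sub(/\.[0-9]+$/, "", dst)              # drop destination port
        key = substr($1, 1, 5) " " src         # HH:MM + host
        if (!seen[key, dst]++) count[key]++    # count each server once
    }
    END { for (k in count) if (count[k] >= limit) print k, count[k] }
    ' | sort
}

# Turn flagged hosts into per-host DROP rules for review (printed, not applied).
block_rules() {
    awk '{ print $2 }' | sort -u | while read -r host; do
        echo "iptables -I FORWARD -s $host -o eth0 -p tcp --dport 25 -j DROP"
    done
}

# Constructed sample capture: .50 is the noisy host, .20 sends one normal mail.
sample_capture() {
    cat <<'EOF'
21:14:03.120345 IP 192.168.1.50.1043 > 203.0.113.7.25: Flags [S], seq 1, win 65535, length 0
21:14:03.480112 IP 192.168.1.50.1044 > 198.51.100.22.25: Flags [S], seq 1, win 65535, length 0
21:14:04.002731 IP 192.168.1.50.1045 > 192.0.2.91.25: Flags [S], seq 1, win 65535, length 0
21:14:04.350090 IP 192.168.1.50.1046 > 203.0.113.7.25: Flags [S], seq 1, win 65535, length 0
21:14:09.771204 IP 192.168.1.20.51822 > 198.51.100.5.25: Flags [S], seq 1, win 64240, length 0
21:14:10.015563 IP 203.0.113.7.25 > 192.168.1.50.1043: Flags [S.], seq 9, ack 2, win 5840, length 0
21:14:11.300418 IP 192.168.1.50.1047 > 198.51.100.80.443: Flags [S], seq 1, win 65535, length 0
EOF
}

sample_capture | smtp_fanout 3
sample_capture | smtp_fanout 3 | block_rules
```

A per-host rule keeps mail working for the other machines while the flagged one is cleaned, and only SYNs are counted so replies from the remote servers do not inflate the total.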
What scares me is that this was just one computer on a home residential connection. If my sister was hit with this worm, that means her friend also has it. And due to the nature of the IM networks, that likely means everyone my sister knows, and every one of them and all of their contacts, also have this spambot churning out e-mail to the public as a whole.
Did I mention that's a lot of spam?
So, internet, sorry for not selectively blocking :25/tcp outbound in the first place. Sorry for sending out more spam in minutes than I get legit e-mail in three weeks. Oh, and sorry for having family members that don't know *nix. On the flip side, I have yet to see a good MSN client for *nix that features audio and video chat too, so until you can get me (or rather, my sister) that...
Tagging. It's all the craze now. It's helpful too, as it lets me select and find what I want out of an incredibly large amount of data. Tagging is the future!
So is Web 3.0. And this is what I want out of it:

(Right-click, View Image to enlarge, or whatever it is that you crazy IE users use. Or, heck, just click it.)
