lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <3fa2f5bb05092015552dec7702@mail.gmail.com>
Date: Tue, 20 Sep 2005 15:55:54 -0700
From: Berend-Jan Wever <berendjanwever@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Google Secure Access or "How to have people
	download a trojan."

This is a quite pathetic attempt to install a trojan, let me explain:
 <snippets href="http://wifi.google.com/faq.html">

   1. "Google Secure Access is a downloadable client application that 
   allows users to establish a more secure WiFi connection." 
   2. "...your internet traffic will be encrypted, preventing others from 
   viewing the information you transmit."

</snippets>
 So, by "more secure" Google means using encryption to prevent "others" from 
sniffing your packets. That's nice! What else does it do? Here's some 
information from the privacy policy:

<snippets href="http://wifi.google.com/privacy-policy.html">

   1. "Google may log some information from your web page requests ..." 
   2. "Google also logs a small set of non-personally identifiable 
   information ..." 
   3. "Google will not sell or provide personally identifiable 
   information to any third parties except ..." 
   4. "... we may for a limited period of time preserve additional 
   internet traffic or other information."

</snippets>
 Aha! What we have here is trojan spyware! It does exactly what it is 
supposed to protect you from.
 The second snippet clearly states that this concerns NON-personally 
identifiable information... what about the information mentioned in the 
first snippet, is that personally identifiable? I guess so; the third 
snippet mentions Google selling or providing personally identifiable 
information, this must have come from somewhere!
 In the third snippet, Google neglects to mention non-personally 
identifiable information. What about selling that? I guess they do!
 The best thing about the whole policy is the last snippet, which undoes 
_everything_ stated before it. Nice one Google!! ;)
 I suggest that Google comes clean and replaces their privacy policy with a 
shorter, less confusing version:

*Here's some candy, go play!*
Btw. All your base are belong to us.

 Cheers,
SkyLined
 -- 
Berend-Jan Wever <berendjanwever@...il.com>
http://www.edup.tudelft.nl/~bjwever

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ