Netzero technology's challenge: please help!
Jack Frustum
On 2002-02-03, DaveK (sp...@spam.spam.spam.egg.chips.and.invalid)
wrote:
> > >Well, you've run their software and it could have done almost anything,
> > >but two fairly likely possibilities are that it's created either a file or a registry
> > >key in some out-of-the-way and unexpected place far from where the rest
> > >of its installation is, and it's checking for that.
> >
> >I thought that... However, to eliminate that possibility I got a new
> >Netzero account from a library computer, then I used computer 1
> >at my home to install the Netzero software in order to extract the
> >DUN information. Then I used computer 2 (on which Netzero
> >software was never installed) in order to dial in with DUN. I
> >got exactly the same result. Then I tried dialing in with the same
> >username/password from a friend's home, on her computer, and
> >it worked fine, I got the connection! So it appears they somehow
> >can establish that I call from the same phone line, in spite of my
> >dialing *67 beforehand... But how?
>D'oh! Of course. It's a free-phone number, right? Sorry d00d, game
>over. Doesn't matter what you dial first, they still get your number,
>because they're paying for the call: this is standard with all freephone
>numbers. The telco's equipment tracks all the incoming calls so that the
>telco can know how much to bill the freephone service operator.
No, sorry, actually it's not a free number.
I experimented with reinstalling the Netzero software and monitoring
the installation with InControl 5...
There is an incredible amount of registry entries and files left all
over the place by their software, and even an executable left in
Program Files\Common Files, which stay on the PC even after
uninstalling their software and cleaning the registry.
I thought it over and I think there is a good chance that some of
these files were updated every time I reinstalled the software in
order to extract the new usernames/passwords and that the new accounts
were linked with the old ones this way at their site when I connected
for the first time with their software in order to extract the
encrypted password.
So I am now using a spare hard drive to extract the info for a fresh
account, then formatting it, reinstalling Win98, extracting the info
for the next, reformatting the hard drive, and so on. If they can
still link the accounts, it will definitely mean that they have the
technology to know my phone number even though I always dial *67 and
the number that I dial for the connection is not a free one.
Any thoughts on this?
To be honest, I was expecting a little more participation from the
newsgroup, since I believe this is a pretty alarming issue.
Jack Frustum
-----= Posted via Newsfeed.Com, Uncensored Usenet News =-----
http://www.newsfeed.com - The #1 Newsgroup Service in the World!
-----== 90,000 Groups! - 17 Servers! - Unlimited Download! =-----
DaveK
news:3c5ef186...@post.newsfeeds.com...
Double D'oh! Why's it called netzero then? Nah, never mind! Ok, it
certainly seems they must be getting your number.
> I experimented with reinstalling the Netzero software and monitoring
> the installation with InControl 5...
> There is an incredible amount of registry entries and files left all
> over the place by their software, and even an executable left in
> Program Files\Common Files, which stay on the PC even after
> uninstalling their software and cleaning the registry.
> I thought it over and I think there is a good chance that some of
> these files were updated every time I reinstalled the software in
> order to extract the new usernames/passwords and that the new accounts
> were linked with the old ones this way at their site when I connected
> for the first time with their software in order to extract the
> encrypted password.
>
> So I am now using a spare hard drive to extract the info for a fresh
> account, then formatting it, reinstalling Win98, extracting the info
> for the next, reformatting the hard drive, and so on. If they can
> still link the accounts, it will definitely mean that they have the
> technology to know my phone number even though I always dial *67 and
> the number that I dial for the connection is not a free one.
>
> Any thoughts on this?
>
> To be honest, I was expecting a little more participation from the
> newsgroup, since I believe this is a pretty alarming issue.
>
> Jack Frustum
Well, as to the way it leaves stuff lying around: that's quite common, I
think. I've noticed that paint shop pro 30-day trial versions know when
they've been on your machine before, although never stopped to look how
exactly they do it. As you'll find, though, it's a reasonably
straightforward matter to find out what's been left behind, and I'm not sure
why you didn't first try just removing those leftovers that In Control 5
discovered and see if that was enough to get the account working. If
they've left active running spyware installed that's just plain wrong, and
should be exposed as such, but if they've just left a dummy file lying
around somewhere with a timestamp or similar, well, you got to expect them
to make at least a slight effort to stop people cheating, it's no real
surprise.
Now, as to the phone thing, well again, it's something that you simply
have to expect: dialling *67 does not actually make you anonymous in any
serious regard whatsoever, after all your call is coming into the exchange
down a wire that actually goes to your house, so no phone call is ever
anything other than completely traceable. The info about your phone # is
still in the system and propagated around it, and the call information is
logged against it for your bill. I don't think the telco is under any legal
or contractual obligation to honour *67, I think it's something they offer
at their own discretion, isn't it? Anyway, the only way you can ever hope
for real phone anonmyity is to not use your own line!
So, sorry not to have any simple answers there. Anything they leave on
your machine can be worked around, but I don't think you'll be able to
conceal your identity from them without a) changing your phone number, or b)
finding someone who knows a hell of a lot of old-skool fone phreaking.
DaveK
--
moderator of
alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
Burn your ID card! http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.