CTuna@cup.portal.com (Don S Gladden) (04/30/91)
I found this file on a BBS locally, and thought it may be of interest to a lot of people. I would like to know more personally about this, if anyone has information on it.

159/250: Prodigy.....Warning!!!
Name: Yosef, The Computer Rabbi #1 @2628
Date: Tue Mar 12 22:36:34 1991
From: Tech Centre One (Washington) 206-377-4493

RE: Yes Prodigy does e-mail...

With regard to the postings going around about Prodigy's services and them using their software for checking "you out"... etc.. As I had seen some info on this, I decided to check it out.

Upon examining my "STAGE.DAT" file, I found that it had in it text from some of my programs on my system, most notably from games. Prodigy has said that this can happen due to the "STAGE.DAT" file using "deleted file" space. Well, the games that were in this file were ones that were currently in use in my system, and had no files from them deleted. THERE IS NO WAY THAT PRODIGY COULD COME BY THIS HONESTLY!!!

Due to this fact, I have cancelled my service and am considering taking further action. What you do with this information is your business, but I figure prospective users should be aware of such things when using or looking to subscribe to the service.

Sub: IBM Info Center

199/250: Prodigy
Name: Trigger #5 @7653
Date: Sat Mar 16 11:47:52 1991
From: The Dungeon (Upstate New York) 716-656-8573

I would think that the information which Prodigy can retrieve about your system may have been designed so that they could gain marketing information about you, so that they can adjust their advertising to suit. If this is true, and not a fault from programming, I find this to be criminally intrusive. I would hope that the FCC is aware of this, if not, perhaps fellow bbsers would care to create a letter writing campaign.

Trigger The Dungeon @7653 716-656/c:>>>Trigger<<<

Sub: IBM Info Center

234/250: Something is screwy here....
Name: Eagle #218 @7310
Date: Sun Mar 17 15:41:32 1991
From: Eldritch Boulevard (Virginia) 703-931-0431

RE: Prodigy.....Warning!!!
BY: Yosef, The Computer Rabbi #1 @2628

so basically speaking Prodigy knows what's on your system, I say we all carefully examine this and take a few steps further. I swear, maybe we could get a big law suit going. Hmmmmmmm

E A G L E
This space for rent!!!

Sub: IBM Info Center

235/250: Prodigy...
Name: Bluestreak #243 @7310
Date: Sun Mar 17 22:11:21 1991
From: Eldritch Boulevard (Virginia) 703-931-0431

Hmm... I have Prodigy... Maybe I should check out that Stage.DAT file...

DDD===pppBLUESTREAKppp===DDD

Sub: IBM Info Center

65/250: Agreed, Trigger!
Name: Wayne #44 @9995
Date: Wed Mar 20 01:13:52 1991
From: Bovine BBS (North Carolina) 919-493-4498

RE: Prodigy

It was recently posted that someone had looked at their STAGE.DAT file in their PRODIGY directory. They were amazed at the info that had been pulled into this file by Prodigy. I immediately checked my own STAGE.DAT and, sure enough, there were .DOCS from my MS-WORD directory, files from my QMODEM directory and several other files that you, normally, would not find in a directory of Online Computer Services.

I have moved my Prodigy program to disk on the outside chance that I may use it again. I'm really p.o.'d about it and haven't, yet, decided what I will do. Maybe discuss the matter with several of my law professors.

Sub: IBM Info Center

71/250: regarding the Prodigy fraud investigation...
Name: James Arthur Strohm #154 @5282
Date: Thu Mar 21 16:21:30 1991
From: Klingon Empire (South/Central Texas) 512-459-1088

RE: URGENT! Read this now! [RT]

The Electronic Freedom Foundation is, even as we read this, already aware of those investigations and is pursuing its own independent study. I'll share any new information I learn.

**> WWIVNet Origin: Klingon Empire BBS >*< 1200-2400bd >*< 512-459-1088

Sub: IBM Info Center

116/250: STAGE.DAT
Name: Wayne #44 @9995
Date: Thu Mar 21 22:37:39 1991
From: Bovine BBS (North Carolina) 919-493-4498

RE: Prodigy...
RE: Prodigy

It was recently posted that someone had looked at their STAGE.DAT file in their PRODIGY directory. They were amazed at the info that had been pulled into this file by Prodigy. I immediately checked my own STAGE.DAT and, sure enough, there were .DOCS from my MS-WORD directory, files from my QMODEM directory and several other files that you, normally, would not find in a directory of Online Computer Services.

I have moved my Prodigy program to disk on the outside chance that I may use it again. I'm really p.o.'d about it and haven't, yet, decided what I will do. Maybe discuss the matter with several of my law professors.

Sub: IBM Info Center

171/250: well..
Name: Terminal Terror #83 @2306
Date: Sun Mar 24 17:30:56 1991
From: Cheers! (Connecticut) 203-826-6249

BY: Blakdelvi #279 @2306
RE: prodigy checking personal files???

...i ripped out my backup copy of prodigy.. sure enough.. STAGE.DAT was there.. guess what was in it:

part of my telemate dialing directory
some PERSONAL letters I had on my system
bits and pieces of almost every .ASM file on my system (seems they are looking to pirate code eh??)
and some EXE files (at least headers) I couldn't Identify.. MZ every couple of K..

geesh I am now going to contact my lawyer to see if what they are doing is legal (I know it isn't) and to find out what >I< can do about it... probably not much..

anyways.. if you're on prodigy.. GET OFF!!! don't call em again, don't use their software.. BACK IT UP, and REMOVE IT FROM YOUR HARD DRIVE. make sure you DO make a backup though.. just in case something ELSE like this comes up... you can see what else prodigy knows about you..
Sub: IBM Info Center

*********************************************************************
The following is a rebuttal to the charges above:
*********************************************************************

The following is my personal response to a file called FRAUD.ZIP which I found on several local bulletin boards. The text file described the fact that the PRODIGY STAGE.DAT file contains unrightfully information about one's system, such as names of files and personal information such as in check books and other data.

I examined STAGE.DAT and sure enough I did find about 200 Kbytes of information that's part of my system and which does have no connection with the PRODIGY software. Here are some examples:

Portions of source code for my C compiler, including junks of libraries;
Segments of data and code of the C compiler itself;
Personal data from an information manager I use;
Fragments of directories, and so on...

I found out about this a couple of years back when I first looked at STAGE.DAT - and I did get upset too. But I do not believe that PRODIGY is messing with my data though it would be easy for them to do so (and you NEVER would know):

Portion of the PRODIGY package is written in C (Microsoft I believe). C makes use of memory management via functions called block allocators (malloc(), alloc()...) to set aside an available portion of RAM which the program (PRODIGY software in this case) needs for variables, data buffering, remote code segments and such. Memory allocation (using C malloc) just makes sure that RAM is reserved for whatever need and returns a pointer back to the program (of that RAM block). What malloc() doesn't do is wipe anything out that is still left in memory such as garbage from whatever you did run since you turned on your system.

Here's an example: Let's say you just booted your computer. You run a word processor and edit a large file. Your document resides somewhere in memory while you edit it (obviously). Now you exit your editor and run PRODIGY, which in turn goes ahead and sets up its stuff, such as allocating memory. Nobody knows at this time what RAM resources are available at which memory location so it is very possible that free RAM that did hold your document from the editor before is all of a sudden inside that memory block (again, the memory does not get 'zapped' or 'cleaned up' by malloc).

PRODIGY saves memory frequently - such as that reserved part of RAM (this is done for speed reasons - certain repetitive features and data of the service don't have to be transmitted again - they just get pulled off your hard disk because they have been saved before). If memory is written to your disk but if it has not all been filled with PRODIGY data yet - whatever garbage it holds in that leftover, unused portion of it will be written to your disk also.

Anyway, I am not working for PRODIGY nor am I completely satisfied with this growing service yet. Nevertheless I do not believe that it does snoop around our systems though this thought is very tempting to me also.

There have been a few unhappy PRODIGY customers which were trying to make use of its former 'free electronic mail' service for their own soliciting interests. That's when PRODIGY started changing their policies on mail and now charges $0.25 per message (after you have used up the 25 free personal mailings per month). These individuals which have been hit by this got very upset and started boycotting the service. It just might be possible that FRAUD.ZIP was partially originated by these people.

FRAUD.ZIP makes a point which I do not dispute and raises valid questions. I just wanted to state my view on this issue.

Finally: I think PRODIGY - since it could have the ability to snoop around in one's system - should provide on request its users with a written statement as to the fact that it will not gather ANY information from the users property.
- Or they fix their software so any memory is 'zapped' before it gets used.

I hope you understood my point (I am German and English is a little difficult for me).

Franz, PRODIGY ID: KCGV38A
raymond@math.berkeley.edu (Raymond Chen) (05/01/91)
Interested readers should follow the discussion in comp.risks. One theory is that the information enters the Prodigy files purely by accident when the Prodigy software requests disk buffers from DOS and doesn't bother to zero them out. So whatever leftover junk was in the disk buffer makes its way into your Prodigy file. `Don't attribute to maliciousness what can easily be explained by stupidity.'
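Added example (not part of the original thread, and not Prodigy's code): a C sketch of the mechanism described in Franz's rebuttal and in the disk-buffer theory above, where a partially filled, uncleared block is saved whole and carries a previous program's data with it, next to the zero-before-use fix. The fixed arena, the function names and the sample strings are constructed for illustration; the arena stands in for RAM or a DOS buffer that is handed out without being cleared.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 64                      /* size of one cache record (constructed value) */
static unsigned char arena[BLOCK];    /* stands in for the RAM both programs are handed */

/* Like malloc() or a DOS buffer request: returns memory without clearing it. */
static unsigned char *get_block(void) { return arena; }

/* Hypothetical "editor": leaves a document behind in memory when it exits. */
static void run_editor(void) {
    unsigned char *doc = get_block();
    memset(doc, 0, BLOCK);
    strcpy((char *)doc, "Dear Bank, account 12345678 (constructed sample)");
}

/* Hypothetical cache writer: fills part of the block, then saves the whole block.
 * `disk` stands in for the record written to a file such as STAGE.DAT.
 * With zero_first set, the block is cleared before use (the fix Franz asks for). */
static size_t save_record(unsigned char *disk, const char *payload, int zero_first) {
    unsigned char *buf = get_block();
    size_t used = strlen(payload);
    if (used > BLOCK) used = BLOCK;
    if (zero_first) memset(buf, 0, BLOCK);
    memcpy(buf, payload, used);
    memcpy(disk, buf, BLOCK);         /* whole block goes out, not just `used` bytes */
    return used;
}

/* Audit check: count non-zero bytes in the record past the part the writer filled. */
static size_t stale_bytes(const unsigned char *disk, size_t used) {
    size_t n = 0;
    for (size_t i = used; i < BLOCK; i++)
        if (disk[i] != 0) n++;
    return n;
}

int main(void) {
    unsigned char disk[BLOCK];
    run_editor();
    size_t used = save_record(disk, "MENU:NEWS", 0);
    printf("unzeroed: %zu stale bytes: %.*s\n", stale_bytes(disk, used),
           (int)(BLOCK - used), (const char *)disk + used);
    run_editor();
    used = save_record(disk, "MENU:NEWS", 1);
    printf("zeroed:   %zu stale bytes\n", stale_bytes(disk, used));
    return 0;
}
```

Writing only the `used` bytes instead of the full block closes the same leak without the memset.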
ong@d.cs.okstate.edu (ONG ENG TENG) (05/02/91)
From article <1991May1.161749.25807@agate.berkeley.edu>, by raymond@math.berkeley.edu (Raymond Chen):
> Interested readers should follow the discussion in comp.risks.
>
> One theory is that the information enters the Prodigy files purely
> by accident when the Prodigy software requests disk buffers from DOS
> and doesn't bother to zero them out. So whatever leftover junk was
> in the disk buffer makes its way into your Prodigy file.
>
> `Don't attribute to maliciousness what can easily be explained by stupidity.'

First I like to say that I ran a small test and find the above to be true. But...

What if Prodigy knows of this "problem" with DOS and deliberately use it to upload the "junk" to their main computer for evaluation for whatever purpose, knowing full well that they could blame it on DOS if things should go to court.

Can someone with Prodigy and some software savvy debug the Prodigy software to see if the STAGE.DAT file is somehow uploaded to their main computer?
CTuna@cup.portal.com (Don S Gladden) (05/02/91)
Interested readers should follow the discussion in comp.risks. *
*
One theory is that the information enters the Prodigy files purely *
by accident when the Prodigy software requests disk buffers from DOS *
and doesn't bother to zero them out. So whatever leftover junk was *
in the disk buffer makes its way into your Prodigy file. *
*
`Don't attribute to maliciousness what can easily be explained by stupidity.'

(Forgive the strange message identifiers, I haven't figured out how to add a prefix character on Portal yet....)

Anyway, even if this is 'accidental', it *still* allows your information to be accessed by Prodigy. The point I make here, is that Prodigy has the POSSIBILITY of "stealing" information from you. Is that legal? Even if it is not intentional, now that this discussion is out, will some employee of Prodigy take advantage of this? How many people have credit card numbers in one or more of their disk files? I simply do not like the idea of the *CHANCE* of someone getting information like this.

Don
jcwasik@PacBell.COM (Joe Wasik) (05/02/91)
In article <1991May1.161749.25807@agate.berkeley.edu> raymond@math.berkeley.edu (Raymond Chen) writes:
>One theory is that the information enters the Prodigy files purely
>by accident when the Prodigy software requests disk buffers from DOS
>and doesn't bother to zero them out. So whatever leftover junk was
>in the disk buffer makes its way into your Prodigy file.

It's reasonable to accept the above as true. Has anyone who's been shouting "thief" even considered why -- if Prodigy wanted to steal information, that it would leave evidence behind in their own file? If their software wanted to, it would have no problem sending the contents of your entire hard disk, both regular and deleted files, and the contents of your memory, floppy drives, and ram disk -- all without a trace. In fact, if it was a really smart thief, it would revise its own software after-the-fact to remove that part of it that did the stealing.

Furthermore, as a *former* user of Prodigy, if they ever did think that by "knowing" me better they could sell me better... it didn't work.

--
Joe Wasik, Pac*Bell, 2600 Camino Ramon, Rm 4E750V, San Ramon, CA (415)823-2422
email: jcwasik@clib.PacBell.COM or [...]!pacbell!clib!jcwasik
Sloganeering (slo-gan-err-ing) v. The act of believing that people can be motivated by expressing a phrase. [See "We value..."]
ong@d.cs.okstate.edu (ONG ENG TENG) (05/03/91)
From article <41918@cup.portal.com>, by CTuna@cup.portal.com (Don S Gladden):
> Interested readers should follow the discussion in comp.risks. *
> *
> One theory is that the information enters the Prodigy files purely *
> by accident when the Prodigy software requests disk buffers from DOS *
> and doesn't bother to zero them out. So whatever leftover junk was *
> in the disk buffer makes its way into your Prodigy file. *
> *
> `Don't attribute to maliciousness what can easily be explained by stupidity.'

Hey people, look what someone else posted in misc.consumers:

---------------------------------------------------------------------------
Subject: Beware, Prodigy users

Today's Wall Street Journal reports that Prodigy has the ability to peek into user's private files on PCs. Prodigy's service access software copies random pieces of disk files into special files which can be accessed by Prodigy's central computers.

Prodigy acknowledges the situation but insists that it has never looked at the files and has no intention of doing so. No explanation was given on why the software was programmed to do that.
---------------------------------------------------------------------------
campbell@dev8j.mdcbbs.com (Tim Campbell) (05/07/91)
In article <1991May2.181827.9230@d.cs.okstate.edu>, ong@d.cs.okstate.edu (ONG ENG TENG) writes:
> Hey people, look what someone else posted in misc.consumers:
>
> ---------------------------------------------------------------------------
> Subject: Beware, Prodigy users
>
> Today's Wall Street Journal reports that Prodigy has the ability to peek
> into user's private files on PCs. Prodigy's service access software
> copies random pieces of disk files into special files which can be
> accessed by Prodigy's central computers.
>
> Prodigy acknowledges the situation but insists that it has never looked at the
> files and has no intention of doing so. No explanation was given on why the
> software was programmed to do that.
> ---------------------------------------------------------------------------

How convenient. Frankly I just don't care what the excuse is. It was wrong to know about it and not disclose it openly. If they claim ignorance then it was still wrong of them not to realize the risk.

Back when I had Prodigy, I recall watching the disk light blink along with the modem and thinking "gosh - these guys could be doing anything at all to my computer and I would never know". I often thought about hooking a data scope to the modem to find out exactly what they do that I'm not seeing.

Yes - it's paranoia - it's the same paranoia that causes me to use passwords on my systems here at work and a lock on my house and my car. Why should we be expected to believe that they're honest? It's not like they're my best friend or anything like that so I should just trust them implicitly.

Not surprisingly, Prodigy has taken their usual apathetic arrogant stance.

-Tim

--
---------------------------------------------------------------------------
In real life: Tim Campbell - Electronic Data Systems Corp.
Usenet: campbell@dev8.mdcbbs.com @ McDonnell Douglas M&E - Cypress, CA
also: tcampbel@einstein.eds.com @ EDS - Troy, MI
CompuServe: 71631,654 (alias 71631.654@compuserve.com)