cole@kuhub.cc.ukans.edu (04/23/91)
Could someone please tell me if it is possible to use the prodigy service with an amiga? I've seen PC clones for sale that come with prodigy specific software. Is there software available for the amiga as well? Is this prodigy software prodigy specific? Does it allow the prodigy user to do things that aren't possible with an amiga running a commercial softeware product? Any help would be greatly appreciated. Tom Cole University of Kansas
owen@euclid.enet.dec.com (Steve Owen) (04/23/91)
In article <1991Apr22.133438.29891@kuhub.cc.ukans.edu>, cole@kuhub.cc.ukans.edu writes... >Could someone please tell me if it is possible to use the prodigy service >with an amiga? I've seen PC clones for sale that come with prodigy specific >software. Is there software available for the amiga as well? Is this prodigy >software prodigy specific? Does it allow the prodigy user to do things that >aren't possible with an amiga running a commercial softeware product? > >Any help would be greatly appreciated. > >Tom Cole >University of Kansas Tom, About 6 months ago this very question caused quite a stir around here. Apparently Prodigy (a joint venture between IBM and Sears(?)) won't port over to the Amiga. One of the reasons given was that the Amiga would make it look bad because it's special graphics chips would make the screen updates tons faster than an IBM or MAC. Anyway, everyone wrote letters to prodigy and called them up and told them to port it over to the Amiga, but alas they didn't. I guess if they did, the Amiga would become a 'legit' computer in their minds. You don't want it anyway... it sucks. **** /// ********************************************************************** /// Only AMIGA makes it possible! Steve Owen: owen@euclid.enet.dec.com \\\/// Amiga, Unix, Mac, IBM... all Digital Equipment Corp., Maynard MA \XX/ on one machine! ------------------------------------------------------------------------------- *** SAVE TWIN PEAKS!!! Mail me for more info. *** *******************************************************************************
dusek@motcid.UUCP (James P. Dusek) (04/25/91)
owen@euclid.enet.dec.com (Steve Owen) writes: >Anyway, everyone wrote letters to prodigy and called them up and told them to >port it over to the Amiga, but alas they didn't. I guess if they did, the >Amiga would become a 'legit' computer in their minds. >You don't want it anyway... it sucks. I can't agree with you more.I've used prodigy and I really didn't like it.If you want a telecomm service try GEnie.the base fee is 4.95 a month,and it covers most of the same stuff that prodigy covers.Also there are other features (at $6.00 an hour) That blow prodigy away.For one there Air Warrior which lets you fly ww1 and ww2 aircraft in combat,lots of fun! -J.D- aka Paladin (FUBARS) (FUBARS are the best squadren in Air warrior :) ) p.s. if anyone from GEnie reads this some free time for the plug would be nice :) GEnie address J.DUSEK
dfrancis@tronsbox.xei.com (Dennis Heffernan) (04/26/91)
RE Prodigy There's a class action suit originating in California against Prodigy- a number of people claim that the Prodigy software glomms files off of their hard drives, puts them in a file called STUFF.DAT and uploads it to Prodigy. People examinging their STUFF.DAT files claim to have found copies of source code they've been working on, or even personal or government information from their HD's. I consider the lack of Prodigy availability for the Amiga to be a selling point. (I have a text file that goes into more detail on the case; if anyone wants it, email me.) dfrancis@tronsbox.xei.com ...uunet!tronsbox!dfrancis GEnie: D.HEFFERNAN1 ------------------------------------------------------------------------------ "I swear eternal hostility to all forms of tyranny over the Amiga OS." --me, with apologies to Thomas Jefferson and Alexander Addington :-)
jph@ais.org (Joseph Hillenburg) (04/27/91)
In article <1579@tronsbox.xei.com> dfrancis@tronsbox.xei.com (Dennis Heffernan) writes: > > RE Prodigy > > There's a class action suit originating in California against Prodigy- >a number of people claim that the Prodigy software glomms files off of their >hard drives, puts them in a file called STUFF.DAT and uploads it to Prodigy. >People examinging their STUFF.DAT files claim to have found copies of source >code they've been working on, or even personal or government information from >their HD's. > > I consider the lack of Prodigy availability for the Amiga to be a >selling point. > > (I have a text file that goes into more detail on the case; if anyone >wants it, email me.) Please send it to me! I wanna nail the local Prodigy yuppies. :) > > >dfrancis@tronsbox.xei.com ...uunet!tronsbox!dfrancis GEnie: D.HEFFERNAN1 >------------------------------------------------------------------------------ >"I swear eternal hostility to all forms of tyranny over the Amiga OS." > --me, with apologies to Thomas Jefferson and Alexander Addington :-) -- Joseph Hillenburg jph@irie.ais.org
m0154@tnc.UUCP (GUY GARNETT) (05/02/91)
Assuming no massive conspiracy, what's probably going on is that stuff.dat contains a memory image of the last Prodigy session (so that it can start-up and put you back where you want to be). MessyDOS has no real memory control system, so whatever was in RAM before you start Prodigy will still be there unless it is specifically overwritten. If the Prodigy software later saves the entire memory image, then areas that were never overwritten (like never-used data transfer buffers) will contain fragments of whatever was there before. Just about all software for the PC is suceptable to this: I first noticed it when programming in Turbo Pascal: my executable file seemed to contain fragments of the program source code (which was in the Turbo Editor just before Turbo compiled the program in memory, and saved it off to disk). Wildstar
cwpjr@cbnewse.att.com (clyde.w.jr.phillips) (05/02/91)
In article <+W6B79@irie.ais.org>, jph@ais.org (Joseph Hillenburg) writes: > In article <1579@tronsbox.xei.com> dfrancis@tronsbox.xei.com (Dennis Heffernan) writes: > > > > RE Prodigy > > > > There's a class action suit originating in California against Prodigy- > >a number of people claim that the Prodigy software glomms files off of their > >hard drives, puts them in a file called STUFF.DAT and uploads it to Prodigy. > >People examinging their STUFF.DAT files claim to have found copies of source > >code they've been working on, or even personal or government information from > >their HD's. > > > > I consider the lack of Prodigy availability for the Amiga to be a > >selling point. > > > > (I have a text file that goes into more detail on the case; if anyone > >wants it, email me.) > > Please send it to me! I wanna nail the local Prodigy yuppies. :) Since this is .misc post it here. I'm very interested. Prodigy is definately a "personal data collector" as I'll explain below but I did'nt know it was a data "stealer". YES! Nail the Puppy to the WALL! Essentially Prodigy has enough MIPS behind it to collect and analyse all your keystrokes while you are logged on. It analyses what groups you read, how often, what services you sign up for and what you purchase from the groups/services. At the very least this data is massaged into the "consumer profile" Direct Marketing mailing lists. It uses the lists internally to tailor ads for you online sessions, also. I'm certain the list are sold far and wide, commercially, also. So pay them to observe and analyse you if you like. I don't. If this were a partnership in any real sense I might consider it but just like speculatively developed tract housing sold as my dream house I don't buy it. Clyde
swarren@convex.com (Steve Warren) (05/02/91)
In article <1991May2.151223.19343@cbnewse.att.com> cwpjr@cbnewse.att.com (clyde.w.jr.phillips) writes: >In article <+W6B79@irie.ais.org>, jph@ais.org (Joseph Hillenburg) writes: >> In article <1579@tronsbox.xei.com> dfrancis@tronsbox.xei.com (Dennis Heffernan) writes: >>> >>> RE Prodigy >>> >>> There's a class action suit originating in California against Prodigy- >>>a number of people claim that the Prodigy software glomms files off of their >>>hard drives, puts them in a file called STUFF.DAT and uploads it to Prodigy. >>>People examinging their STUFF.DAT files claim to have found copies of source >>>code they've been working on,or even personal or government information from >>>their HD's. [...] >Since this is .misc post it here. I'm very interested. > >Prodigy is definately a "personal data collector" as I'll explain below >but I did'nt know it was a data "stealer". YES! Nail the Puppy to the WALL! > >Essentially Prodigy has enough MIPS behind it to collect and analyse >all your keystrokes while you are logged on. It analyses what groups >you read, how often, what services you sign up for and what you purchase >from the groups/services. [...] Well, if the stuff in this file is true, they are the lowest form of life in the universe. They are nothing less than electronic peeping Toms. I *spit* on them! Pthuiough! ;^) If this file is the truth, then I suspect that the reason they haven't ported Prodigy is because the security cracking part of the software is so machine- specific. Although actually the way they've done this is so stupid, I can't believe they would actually drop their drawers in public like this. Haven't they ever heard of encription? Begin included file: || | Subject: Beware Prodigy. No joke. || | || | Date: Wed May 01 07:51:18 PDT 1991 || | || | The email string below explains how Prodigy examines and uploads || | personal info from your hard disk during a session. Very scary. Makes || | you rethink using Prodigy for business work. || || | >From bradt Tue Apr 30 16:55:06 1991 || | | From hollyba Tue Apr 30 15:53:04 1991 || | | From franck Tue Apr 30 14:50:29 1991 || | | || | | Newsgroups: comp.risks || | | Subject: RISKS DIGEST 11.56 || | | || | | RISKS-LIST: RISKS-FORUM Digest Monday 29 April 1991 || | | Volume 11 : Issue 56 || | | || | | Prodigy: More of a Prodigy Than We Think? || | | By: Linda Houser Rohbough || | | || | | The stigma that haunts child prodigies is that they are || | | difficult to get along with, mischievous and occasionally, just || | | flat dangerous, using innocence to trick us. I wonder if that || | | label fits Prodigy, Sears and IBM's telecommunications network? || | | || | | Those of you who read my December article know that I was || | | tipped off at COMDEX to look at a Prodigy file, created when || | | Prodigy is loaded STAGE.DAT. I was told I would find in that || | | file personal information form my hard disk unrelated to Prodigy. || | | As you know, I did find copies of the source code to our product || | | FastTrack, in STAGE.DAT. The fact that they were there at all || | | gave me the same feeling of violation as the last time my home || | | was broken into by burglars. || | | || || | | I invited you to look at your own STAGE.DAT file, if you're || | | a Prodigy user, and see if you found anything suspect. Since || | | then I have had numerous calls with reports of similar finds, || | | everything from private patient medical information to classified || | | government information. || | | || || | | The danger is Prodigy is uploading STAGE.DAT and taking a || | | look at your private business. Why? My guess is marketing || | | research, which is expensive through legitimate channels, and || | | unwelcomed by you and I. The question now is: Is it on purpose, || | | or a mistake? One caller theorizes that it is a bug. He looked || | | at STAGE.DAT with a piece of software he wrote to look at the || | | physical location of data on the hard disk, and found that his || | | STAGE.DAT file allocated 950,272 bytes of disk space for storage. || | | || || | | Prodigy stored information about the sections viewed || | | frequently and the data needed to draw those screens in STAGE.DAT. || | | Service would be faster with information stored on the PC rather || | | then the same information being downloaded from Prodigy each time. || | | || || | | That's a viable theory because ASCII evidence of those || | | screens shots can be found in STAGE.DAT, along with AUTOEXEC.BAT || | | and path information. I am led to belive that the path and || | | system configuration (in RAM) are diddled with and then restored || | | to previous settings upon exit. So the theory goes, in allocating || | | that disk space, Prodigy accidently includes data left after an || | | erasure (As you know, DOS does not wipe clean the space that || | | deleted files took on the hard disk, but merely marked the space || | | as vacant in the File Allocation Table.) || | | || || | | There are a couple of problems with this theory. One is || | | that it assumes that the space was all allocated at once, meaning || | | all 950,272 bytes were absorbed at one time. That simply isn't || | | true. My STAGE.DAT was 250,000+ bytes after the first time I || | | used Prodigy. The second assumption is that Prodigy didn't want || | | the personal information; it was getting it accidently in || | | uploading and downloading to and from STAGE.DAT. The E-mail || | | controversy with Prodigy throws doubt upon that. The E-mail || | | controversy started because people were finding mail they sent || | | with comments about Prodigy or the E-mail, especially negative || | | ones, didn't ever arrive. Now Prodigy is saying they don't || | | actually read the mail, they just have the computer scan it for || | | key terms, and delete those messages because they are responsible || | | for what happens on Prodigy. || | | || || | | I received a call from someone from another user group who || | | read our newsletter and is very involved in telecommunications. || | | He installed and ran Prodigy on a freshly formatted 3.5 inch || | | 1.44 meg disk. Sure enough, upon checking STAGE.DAT he discovered || | | personal data from his hard disk that could not have been left || | | there after an erasure. He had a very difficult time trying to || | | get someone at Prodigy to talk to about this. || | | || || | | -------------- || | | || | | Excerpt of email on the above subject: || | | || | | THERE'S A FILE ON THIS BOARD CALLED 'FRAUDIGY.ZIP' THAT I SUGGEST || | | ALL WHO USE THE PRODIGY SERVICE TAKE ***VERY*** SERIOUSLY. THE || | | FILE DESCRIBES HOW THE PRODIGY SERVICE SEEMS TO SCAN YOUR HARD || | | DRIVE FOR PERSONAL INFORMATION, DUMPS IT INTO A FILE IN THE PRODIGY || | | SUB-DIRECTORY CALLED 'STAGE.DAT' AND WHILE YOU'RE WAITING AND || | | WAITING FOR THAT NEXT MENU COME UP, THEY'RE UPLOADING YOUR STUFF || | | AND LOOKING AT IT. || | | || | | TODAY I WAS IN BABBAGES'S, ECHELON TALKING TO TIM WHEN A || | | GENTLEMAN WALKED IN, HEARD OUR DISCUSSION, AND PIPED IN THAT HE || | | WAS A COLUMNIST ON PRODIGY. HE SAID THAT THE INFO FOUND IN || | | 'FRAUDIGY.ZIP' WAS INDEED TRUE AND THAT IF YOU READ YOUR ON-LINE || | | AGREEMENT CLOSELY, IT SAYS THAT YOU SIGN ALL RIGHTS TO YOUR || | | COMPUTER AND ITS CONTENTS TO PRODIGY, IBM & SEARS WHEN YOU AGREE || | | TO THE SERVICE. || | | || | | I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN || | | 'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD || | | DRIVE PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY || | | VERSION, UPON INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE || | | FILE 'STAGE.DAT' CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE || | | CONTAINED IN MY 'C:' DRIVE BOOT DIRECTORY. USING THE HARD DRIVE || | | DIRECTORY OF PRODIGY THAT WAS SET UP, I PROCEDED TO LOG ON. I || | | LOGGED ON, CONSENTED TO THE AGREEMENT, AND LOGGED OFF. REMEMBER, || | | THIS WAS A VIRGIN SETUP KIT. || | | || | | AFTER LOGGING OFF I LOOKED AT 'STAGE.DAT' AND 'CACHE.DAT' || | | FOUND IN THE PRODIGY SUBDIRECTORY. IN THOSE FILES, I FOUND || | | POINTERS TO PERSONAL NOTES THAT WERE BURIED THREE SUB-DIRECTORIES || | | DOWN ON MY DRIVE, AND AT THE END OF 'STAGE.DAT' WAS AN EXACT || | | IMAGE COPY OF MY PC-DESKTOP APPOINTMENTS CALENDER. || | | || | | CHECK IT OUT FOR YOURSELF. || | | || | | ### END OF BBS FILE ### || | | || | | I had my lawyer check his STAGE.DAT file and he found none other || | | than CONFIDENTIAL CLIENT INFO in it. || | | || | | Needless to say he is no longer a Prodigy user. || | | || | | || | | Mark A. Emanuele V.P. Engineering Overleaf, Inc. || | | 218 Summit Ave Fords, NJ 08863 (908) 738-8486 || | | emanuele@overlf.UUCP || | || || | _. --Steve ._||__ DISCLAIMER: All opinions are my own. Warren v\ *| ---------------------------------------------- V {uunet,sun}!convex!swarren; swarren@convex.com --
alex@bilver.uucp (Alex Matulich) (05/06/91)
In article <1991May02.160135.20734@convex.com> swarren@convex.com (Steve Warren) writes:
[lots of quotes about how Prodigy must be stealing private data deleted]
COME ON PEOPLE! You are making a fuss about what is probably nothing at
all. Doesn't anybody realize that under MSDOS, when a program allocates
file space for itself on the hard disk, that space may contain fragments
of files that used to occupy that space? When you allocate file space,
the space is NOT cleared.
If you REALLY want to test if Prodigy is glomming data from your hard
disk then try the following. It will determine once and for all if the
allegations are true.
1) First, use a utility like PCTools Compress to defragment your drive and
CLEAR THE FREE CLUSTERS. This will cause all unused space to be cleared,
and not contain fragments of other things that used to be there.
2) Then, run Prodigy. From a floppy, to make the test more conclusive, if
necessary. When you are through I'll bet that the Prodigy files STAGE.DAT
and CACHE.DAT won't contain anything but Prodigy-related data.
I am not a Prodigy subscriber. If anybody out there is, please perform
the above test and post the results before doing any more bashing.
(insert usual disclaimer about not being associated with Prodigy here)
My opinions DO represent the opinions of my company, so there.
--
_ |__ Alex Matulich
/(+__> Unicorn Research Corp, 4621 N Landmark Dr, Orlando, FL 32817
//| \ UUCP: alex@bilver.uucp <or> ...uunet!tarpit!bilver!alex
///__) bitnet: IN%"bilver!alex@uunet.uu.net"es1@cunixb.cc.columbia.edu (Ethan Solomita) (05/06/91)
In article <1991May5.205134.665@bilver.uucp> alex@bilver.uucp (Alex Matulich) writes: >In article <1991May02.160135.20734@convex.com> swarren@convex.com (Steve Warren) writes: >[lots of quotes about how Prodigy must be stealing private data deleted] > >COME ON PEOPLE! You are making a fuss about what is probably nothing at >all. Doesn't anybody realize that under MSDOS, when a program allocates >file space for itself on the hard disk, that space may contain fragments >of files that used to occupy that space? When you allocate file space, >the space is NOT cleared. > The post mentioned that the person ran Prodigy off of a floppy and files from the hard drive still appeared in that file. Of course, I don't know if that's true or not, but it was mentioned and it is a pretty clear proof. -- Ethan "Brain! Brain! What is Brain?"
kdarling@hobbes.catt.ncsu.edu (Kevin Darling) (05/07/91)
>>[lots of quotes about how Prodigy must be stealing private data deleted] >> >>COME ON PEOPLE! You are making a fuss about what is probably nothing at >>all. Doesn't anybody realize that under MSDOS, when a program allocates >>file space for itself on the hard disk, that space may contain fragments >>of files that used to occupy that space? When you allocate file space, >>the space is NOT cleared. >> > The post mentioned that the person ran Prodigy off of a >floppy and files from the hard drive still appeared in that file. Apparently the cause for that is also similar to the first explanation: previously used data is still in _memory_, and is written out along with the new Prodigy info to whichever disk is then being used. It really seems to be an innocent deal. Tho no doubt Prodigy will revamp their software to clear memory/disk space out first from now on <g>. best - kev <kdarling@catt.ncsu.edu>
nj@magnolia.Berkeley.EDU (Narciso Jaramillo) (05/07/91)
In article <1991May5.205134.665@bilver.uucp> alex@bilver.uucp (Alex Matulich) writes:
[about Prodigy's STAGE.DAT file]
COME ON PEOPLE! You are making a fuss about what is probably nothing at
all. Doesn't anybody realize that under MSDOS, when a program allocates
file space for itself on the hard disk, that space may contain fragments
of files that used to occupy that space? When you allocate file space,
the space is NOT cleared.
The real problem is not whether Prodigy intentionally included code in
the client program to grab files off your hard disk. Whether or not
it's intentional, it's still a security risk; through the STAGE.DAT
file, your data is now accessible to any programmer who works at
Prodigy, including J. Random Hired Hacker who feels like inserting
commands into the server software to grab your data just for laughs.
Granted, if Prodigy really wanted to steal your data it could do it
directly from the client program you run to connect to the system.
But even clumsy security risks are still risks; your home is just as
unsafe if you leave the door unlocked as if someone breaks in.
njdltaylor@cns.SanDiego.NCR.COM (Dan Taylor) (05/07/91)
"clean-room" tests of "prodigy" have shown that unassociated files, even from different drives, have appeared on freshly formatted drives used for Prodigy, as reported in the PC newsgroups. I have also read that Prodigy will now clean out the workspace files. Is this before, or AFTER, any alleged transfers? However, since we can't run it, except on BridgeBoards, maybe this could trail over to the PC groups? Dan Taylor /* My own opinions, not NCR's. */
swarren@convex.com (Steve Warren) (05/07/91)
In article <1991May5.205134.665@bilver.uucp> alex@bilver.uucp (Alex Matulich) writes: >In article <1991May02.160135.20734@convex.com> swarren@convex.com (Steve Warren) writes: >[lots of quotes about how Prodigy must be stealing private data deleted] Pay attention, Alex. I never said that "Prodigy must be stealing private data." If I did, then produce the quote. Otherwise shut up. What I said was that if the information contained within the quoted article was actually true, then Prodigy is lowlife scum. I stand by that statement. >COME ON PEOPLE! You are making a fuss about what is probably nothing at >all. Doesn't anybody realize that under MSDOS, when a program allocates >file space for itself on the hard disk, that space may contain fragments >of files that used to occupy that space? When you allocate file space, >the space is NOT cleared. Did you even read the article? Let me refresh your memory. From my article (quoting another article): [...] > I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN >'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD >DRIVE PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY >VERSION, UPON INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE >FILE 'STAGE.DAT' CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE >CONTAINED IN MY 'C:' DRIVE BOOT DIRECTORY. Now, if you had bothered to read this, you would have realised that he is talking about a seperate installation onto a floppy. *You* tell *me* how a listing of his hard drive .BAT and setup files got installed into the prodigy data file on his floppy? Then Alex said... : >2) Then, run Prodigy. From a floppy, to make the test more conclusive, if >necessary. When you are through I'll bet that the Prodigy files STAGE.DAT >and CACHE.DAT won't contain anything but Prodigy-related data. I guess you really *didn't* read the article, huh? There were other things mentioned in the quoted article that further demonstrate premeditated data-snarfing. I never certified that they were actually true. But the things mentioned in the article cannot happen by accident. -Steve
alex@bilver.uucp (Alex Matulich) (05/07/91)
nj@magnolia.Berkeley.EDU (Narciso Jaramillo) writes: >alex@bilver.uucp (Alex Matulich) fumed: > > [about Prodigy's STAGE.DAT file] > > COME ON PEOPLE! You are making a fuss about what is probably nothing at > all. Doesn't anybody realize that under MSDOS, when a program allocates > file space for itself on the hard disk, that space may contain fragments > of files that used to occupy that space? When you allocate file space, > the space is NOT cleared. > >The real problem is not whether Prodigy intentionally included code in >the client program to grab files off your hard disk. Whether or not >it's intentional, it's still a security risk; through the STAGE.DAT >file, your data is now accessible to any programmer who works at >Prodigy, including J. Random Hired Hacker who feels like inserting >commands into the server software to grab your data just for laughs. What I was trying to say in my somewhat vitriolic post (apologies for that) was that IF private info is indeed inside STAGE.DAT because it was already occupying _unused_ hard disk space which got allocated by Prodigy, THEN the security risk is no fault of Prodigy's -- MS-DOS is then the culprit causing the security risk. I would venture to say that AmigaDOS would behave the same way. When a file is deleted or moved, the space on the disk where the file used to be is not cleared. If some program comes along and allocates that space for a file, then naturally the file will contain the old data. I think if Prodigy is really stealing data, they aren't doing it through that STAGE.DAT file. There are better ways. -- _ |__ Alex Matulich /(+__> Unicorn Research Corp, 4621 N Landmark Dr, Orlando, FL 32817 //| \ UUCP: alex@bilver.uucp <or> ...uunet!tarpit!bilver!alex ///__) bitnet: IN%"bilver!alex@uunet.uu.net"
mark@calvin..westford.ccur.com (Mark Thompson) (05/07/91)
In article <1991May7.001840.8440@bilver.uucp> alex@bilver.uucp (Alex Matulich) writes: >nj@magnolia.Berkeley.EDU (Narciso Jaramillo) writes: >>alex@bilver.uucp (Alex Matulich) fumed: >> [about Prodigy's STAGE.DAT file] >> Doesn't anybody realize that under MSDOS, when a program allocates >> file space for itself on the hard disk, that space may contain fragments >> of files that used to occupy that space? >What I was trying to say in my somewhat vitriolic post (apologies for >that) was that IF private info is indeed inside STAGE.DAT because >it was already occupying _unused_ hard disk space which got allocated >by Prodigy, THEN the security risk is no fault of Prodigy's -- MS-DOS is >then the culprit causing the security risk. >I think if Prodigy is really stealing data, they aren't doing it through >that STAGE.DAT file. There are better ways. I have not been following this thread so I am sorry if this is old news but here is some info on Prodigy and the STAGE.DAT file that seems to indicate that the above arguments about MS-DOG being at fault are incorrect. Read on if you are interested. | FYI, forwarded to me by a Prodigy user. I reccomend using extreme | caution with this service for the reasons outlined below. | | Prodigy: More of a Prodigy Than We Think? | By: Linda Houser Rohbough | The stigma that haunts child prodigies is that they are difficult | to get along with, mischievous and occasionally, just flat dangerous, | using innocence to trick us. I wonder if that label fits Prodigy, | Sears and IBM's telecommunications network? | | Those of you who read my December article know that I was tipped | off at COMDEX to look at a Prodigy file, created when Prodigy is | loaded STAGE.DAT. I was told I would find in that file personal | information form my hard disk unrelated to Prodigy. As you know, I | did find copies of the source code to our product FastTrack, in | STAGE.DAT. The fact that they were there at all gave me the same | feeling of violation as the last time my home was broken into by | burglars. | | I invited you to look at your own STAGE.DAT file, if you're a | Prodigy user, and see if you found anything suspect. Since then I | have had numerous calls with reports of similar finds, everything from | private patient medical information to classified government | information. | | The danger is Prodigy is uploading STAGE.DAT and taking a look at | your private business. Why? My guess is marketing research, which is | expensive through legitimate channels, and unwelcomed by you and I. | The question now is: Is it on purpose, or a mistake? One caller | theorizes that it is a bug. He looked at STAGE.DAT with a piece of | software he wrote to look at the physical location of data on the hard | disk, and found that his STAGE.DAT file allocated 950,272 bytes of | disk space for storage. | | Prodigy stored information about the sections viewed frequently | and the data needed to draw those screens in STAGE.DAT. Service would | be faster with information stored on the PC rather then the same | information being downloaded >from Prodigy each time. | | That's a viable theory because ASCII evidence of those screens | shots can be found in STAGE.DAT, along with AUTOEXEC.BAT and path | information. I am led to belive that the path and system | configuration (in RAM) are diddled with and then restored to previous | settings upon exit. So the theory goes, in allocating that disk | space, Prodigy accidently includes data left after an erasure (As you | know, DOS does not wipe clean the space that deleted files took on the | hard disk, but merely marked the space as vacant in the File | Allocation Table.) | | There are a couple of problems with this theory. One is that it | assumes that the space was all allocated at once, meaning all 950,272 | bytes were absorbed at one time. That simply isn't true. My | STAGE.DAT was 250,000+ bytes after the first time I used Prodigy. The | second assumption is that Prodigy didn't want the personal | information; it was getting it accidently in uploading and downloading | to and from STAGE.DAT. The E-mail controversy with Prodigy throws | doubt upon that. The E-mail controversy started because people were | finding mail they sent with comments about Prodigy or the E-mail, | especially negative ones, didn't ever arrive. Now Prodigy is saying | they don't actually read the mail, they just have the computer scan it | for key terms, and delete those messages because they are responsible | for what happens on Prodigy. | | I received a call from someone from another user group who read our | newsletter and is very involved in telecommunications. He installed | and ran Prodigy on a freshly formatted 3.5 inch 1.44 meg disk. Sure | enough, upon | checking STAGE.DAT he discovered personal data from his hard disk that | could not have been left there after an erasure. He had a very | difficult time trying to get someone at Prodigy to talk to about this. | | -------------- | | Excerpt of email on the above subject: | | THERE'S A FILE ON THIS BOARD CALLED 'FRAUDIGY.ZIP' THAT I SUGGEST ALL | WHO USE THE PRODIGY SERVICE TAKE ***VERY*** SERIOUSLY. THE FILE | DESCRIBES HOW THE PRODIGY SERVICE SEEMS TO SCAN YOUR HARD DRIVE FOR | PERSONAL INFORMATION, DUMPS IT INTO A FILE IN THE PRODIGY | SUB-DIRECTORY CALLED 'STAGE.DAT' AND WHILE YOU'RE WAITING AND WAITING | FOR THAT NEXT MENU COME UP, THEY'RE UPLOADING YOUR STUFF AND LOOKING | AT IT. | | TODAY I WAS IN BABBAGES'S, ECHELON TALKING TO TIM WHEN A | GENTLEMAN WALKED IN, HEARD OUR DISCUSSION, AND PIPED IN THAT HE WAS A | COLUMNIST ON PRODIGY. HE SAID THAT THE INFO FOUND IN 'FRAUDIGY.ZIP' | WAS INDEED TRUE AND THAT IF YOU READ YOUR ON-LINE AGREEMENT CLOSELY, | IT SAYS THAT YOU SIGN ALL RIGHTS TO YOUR COMPUTER AND ITS CONTENTS TO | PRODIGY, IBM & SEARS WHEN YOU AGREE TO THE SERVICE. | | I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN | 'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD DRIVE | PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY VERSION, UPON | INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE FILE 'STAGE.DAT' | CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE CONTAINED IN MY 'C:' | DRIVE BOOT DIRECTORY. USING THE HARD DRIVE DIRECTORY OF PRODIGY THAT | WAS SET UP, I PROCEDED TO LOG ON. I LOGGED ON, CONSENTED TO THE | AGREEMENT, AND LOGGED OFF. REMEMBER, THIS WAS A VIRGIN SETUP KIT. | | AFTER LOGGING OFF I LOOKED AT 'STAGE.DAT' AND 'CACHE.DAT' FOUND | IN THE PRODIGY SUBDIRECTORY. IN THOSE FILES, I FOUND POINTERS TO | PERSONAL NOTES THAT WERE BURIED THREE SUB-DIRECTORIES DOWN ON MY | DRIVE, AND AT THE END OF 'STAGE.DAT' WAS AN EXACT IMAGE COPY OF MY | PC-DESKTOP APPOINTMENTS CALENDER. | | CHECK IT OUT FOR YOURSELF. | | ### END OF BBS FILE ### | | I had my lawyer check his STAGE.DAT file and he found none other than | CONFIDENTIAL CLIENT INFO in it. | | Needless to say he is no longer a Prodigy user. end of forwarded message %~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~% % ` ' Mark Thompson CONCURRENT COMPUTER % % --==* RADIANT *==-- mark@westford.ccur.com Principal Graphics % % ' Image ` ...!uunet!masscomp!mark Hardware Architect % % Productions (508)392-2480 (603)424-1829 & General Nuisance % % % ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kdarling@hobbes.catt.ncsu.edu (Kevin Darling) (05/07/91)
>| FYI, forwarded to me by a Prodigy user. I reccomend using extreme >| caution with this service for the reasons outlined below. >| [...] >| I received a call from someone from another user group who read our >| newsletter and is very involved in telecommunications. He installed >| and ran Prodigy on a freshly formatted 3.5 inch 1.44 meg disk. Sure >| enough, upon >| checking STAGE.DAT he discovered personal data from his hard disk that >| could not have been left there after an erasure. He had a very >| [...] As I mentioned before (!), the other possibility is that data previously read into memory is being sent out to disk along with the Prodigy data. If these users really want to check, they should FIRST SHUT OFF THEIR COMPUTER for a long while, take out their huge startup files, and try again. I would bet they no longer get "personal" data in the Prodigy files, but only whatever had been read in on boot. And even that's not a perfect test: if they have some weirdo caching program, then extra unrelated disk data may still be brought into memory and shot back out. I'd really rather hear facts from a _real_ computer expert who checks this out... instead of reports from users who don't know how their machine is set up or operates. best - kev <kdarling@catt.ncsu.edu>
rmk@rmkhome.UUCP (Rick Kelly) (05/08/91)
In article <805@tnc.UUCP> m0154@tnc.UUCP (GUY GARNETT) writes: > >Assuming no massive conspiracy, what's probably going on is that >stuff.dat contains a memory image of the last Prodigy session (so that >it can start-up and put you back where you want to be). MessyDOS has >no real memory control system, so whatever was in RAM before you start >Prodigy will still be there unless it is specifically overwritten. If >the Prodigy software later saves the entire memory image, then areas >that were never overwritten (like never-used data transfer buffers) >will contain fragments of whatever was there before. Just about all >software for the PC is suceptable to this: I first noticed it when >programming in Turbo Pascal: my executable file seemed to contain >fragments of the program source code (which was in the Turbo Editor >just before Turbo compiled the program in memory, and saved it off to >disk). What actually happens, is that the first time Progidy is run, it sets up the STAGE.DAT file. When a file is deleted under MSDOS, the data is still hanging around on the disk, and some of it ends up in STAGE.DAT. There are some PD programs like zerofile.exe, that fill a file with zeros before you delete them. But I wouldn't take Prodigy for free. Rick Kelly rmk@rmkhome.UUCP frog!rmkhome!rmk rmk@frog.UUCP
dltaylor@cns.SanDiego.NCR.COM (Dan Taylor) (05/09/91)
In <1991May7.154936.17734@ncsu.edu> kdarling@hobbes.catt.ncsu.edu (Kevin Darling) writes: >As I mentioned before (!), the other possibility is that data previously >read into memory is being sent out to disk along with the Prodigy data. >I'd really rather hear facts from a _real_ computer expert who checks >this out... instead of reports from users who don't know how their >machine is set up or operates. best - kev <kdarling@catt.ncsu.edu> If you read the posting, please notice that the user claimed that ALL of his ".BAT" files were listed, not just autoexec.bat. I can understand caution, in this matter. However, it is not necessary for you to presume that those users are ignorant (even if they do have PCs). MS-DOS is not very complicated, so expertise is readily gained, even by moderate users. The person I share space with, at work, is a trained, experienced computer professional (MS-DOS and UNIX, internals and applications), who found data from a different DRIVE copied into the Prodigy file, in a clean-room test as you describe. Since the data related to his income tax, he was understandably upset, and has cancelled. Dan Taylor
bj@cbmvax.commodore.com (Brian Jackson) (05/09/91)
In article <62040@masscomp.westford.ccur.com> mark@calvin.westford.ccur.com (Mark Thompson) writes: >In articles too numerous to enumerate many paranoid people carry on about >Prodigy's software... >> ... >I have not been following this thread so I am sorry if this is old news >but here is some info on Prodigy and the STAGE.DAT file that seems to >indicate that the above arguments about MS-DOG being at fault are incorrect. >Read on if you are interested. I think this is called "beating a dead Prodigy". The _entire_ thread about this can be read in comp.dcom. Most of the (excessively) paranoid messages are being posted out of context and with pertinent information omitted. A. Think about this for a second. Do you *really* think that both IBM and Sears would *really* believe that they could do such a thing and never be found out? Do you *really* think that they would be blind to the deadly PR value of having this 'discovered'? I think not. B. You can't run Prodigy on the Amiga (unless you have a BridgeBoard) so, aside from the "urban folklore" aspect of all this, who cares? I expect to see this story in next weeks National Enquirer, right under the "Alien gives birth to Elvis' baby" story. Sheesh. Commercial computer services like GEnie. Prodigy, Compuserve, BIX, etc. have a LOT of $$$ invested and they all have a lot of competition. So they can ill afford to have such horrendous PR headaches which can send users scurrying to the competition (and Prodigy learned this first hand when their censorship flap (combined with a coincidentally timed change/drop in GEnie prices) caused quite a few Prodigy folks to switch to GEnie.) I will be most surprised if, when someone without an axe to grind actually runs a test of this stuff, it is found that Prodigy is/was really doing what this all suggests. Brian ----------------------------------------------------------------------- | Brian Jackson Software Engineer, Commodore-Amiga Inc. GEnie: B.J. | | bj@cbmvax.cbm.commodore.com or ...{uunet|rutgers}!cbmvax!bj | | "does logic really go hand-in-hand with computer-literacy??" | -----------------------------------------------------------------------
allbery@NCoast.ORG (Brandon S. Allbery KB8JRR/AA) (05/09/91)
As quoted from <1991May7.154936.17734@ncsu.edu> by kdarling@hobbes.catt.ncsu.edu (Kevin Darling): +--------------- | If these users really want to check, they should FIRST SHUT OFF THEIR | COMPUTER for a long while, take out their huge startup files, and try | again. I would bet they no longer get "personal" data in the Prodigy | files, but only whatever had been read in on boot. And even that's | not a perfect test: if they have some weirdo caching program, then extra | unrelated disk data may still be brought into memory and shot back out. | | I'd really rather hear facts from a _real_ computer expert who checks | this out... instead of reports from users who don't know how their | machine is set up or operates. best - kev <kdarling@catt.ncsu.edu> +--------------- Already done... check the RISKS Digest (comp.risks on Usenet). Someone did a test under the following conditions: (1) HD defragmented (2) ALL NON-ALLOCATED SPACE ON THE HD ZEROED (3) The trash at the end of "partially-allocated" clusters zeroed (4) BUFFERS=0 in CONFIG.SYS (doncha jus' luv DOS? bleeagh :-) Then some files were created, filled with garbage data (test patterns), and deleted. The computer was then shut off, allowed to sit, and rebooted with no TSR's. PRODIGY was then run from a freshly-formatted floppy. Results: STAGE.DAT contained a large chunk of "test pattern" and a small chunk of zeroes. NO data from actual files on the HD showed up in STAGE.DAT. Looks like MS-DOS is indeed the culprit. And keep in mind that MS-DOS doesn't necessarily clear either unallocated memory, or unallocated disk space, *or* *unallocated* *buffers* (recall the BUFFERS=0), so it's *real* easy to get unexpected stuff showing up in data files. ++Brandon -- Me: Brandon S. Allbery Ham: KB8JRR/AA 10m,6m,2m,220,440,1.2 Internet: allbery@NCoast.ORG (restricted HF at present) Delphi: ALLBERY AMPR: kb8jrr.AmPR.ORG [44.70.4.88] uunet!usenet.ins.cwru.edu!ncoast!allbery KB8JRR @ WA8BXN.OH
jmpiazza@acsu.buffalo.edu (Joseph M. Piazza) (05/09/91)
In article <946@cns.SanDiego.NCR.COM> dltaylor@cns.SanDiego.NCR.COM (Dan Taylor) writes: >In <1991May7.154936.17734@ncsu.edu> kdarling@hobbes.catt.ncsu.edu (Kevin Darling) writes: > >>As I mentioned before (!), the other possibility is that data previously >>read into memory is being sent out to disk along with the Prodigy data. >>I'd really rather hear facts from a _real_ computer expert who checks >>this out... instead of reports from users who don't know how their >>machine is set up or operates. best - kev <kdarling@catt.ncsu.edu> > >If you read the posting, please notice that the user claimed that ALL >of his ".BAT" files were listed, not just autoexec.bat. > >I can understand caution, in this matter. However, it is not necessary >for you to presume that those users are ignorant (even if they do have >PCs). MS-DOS is not very complicated, so expertise is readily gained, >even by moderate users. The person I share space with, at work, is a >trained, experienced computer professional (MS-DOS and UNIX, internals >and applications), who found data from a different DRIVE copied into >the Prodigy file, in a clean-room test as you describe. Since the >data related to his income tax, he was understandably upset, and has >cancelled. For what it's worth, I recall finding some very bizzarre info in a file while using Digital Research's Symbolic Debugger under CP/M (ancient history, I know). For the life of me I couldn't figure out how it got there. But if you stop and consider how many commands and utilities we execute and forget about, it should be obvious to any non-paranoid that it could easily happen. How does he know it's a list of ALL his .BAT files? How does he know what disk they were from? He probably listed them some time or another -- and promptly forgot about it ... again. Experts do that kind of stuff too. Otherwise I am forced to conclude that Digital Research is part of the conspiracy (or should that be "was?" Are they still in business?) Flip side, joe piazza --- Cogito ergo equus sum. CS Dept. SUNY at Buffalo 14260 UUCP: ...!{watmath,boulder,decvax,rutgers}!sunybcs!jmpiazza BITNET: jmpiazza@sunybcs.BITNET Internet: jmpiazza@cs.Buffalo.edu
mykes@amiga0.SF-Bay.ORG (Mike Schwartz) (05/10/91)
In article <21407@cbmvax.commodore.com> bj@cbmvax.commodore.com (Brian Jackson) writes: >In article <62040@masscomp.westford.ccur.com> mark@calvin.westford.ccur.com (Mark Thompson) writes: >>In articles too numerous to enumerate many paranoid people carry on about >>Prodigy's software... >>> ... > >>I have not been following this thread so I am sorry if this is old news >>but here is some info on Prodigy and the STAGE.DAT file that seems to >>indicate that the above arguments about MS-DOG being at fault are incorrect. >>Read on if you are interested. > >I think this is called "beating a dead Prodigy". The _entire_ thread >about this can be read in comp.dcom. Most of the (excessively) paranoid >messages are being posted out of context and with pertinent information >omitted. > >A. Think about this for a second. Do you *really* think that both IBM > and Sears would *really* believe that they could do such a thing and > never be found out? Do you *really* think that they would be blind to > the deadly PR value of having this 'discovered'? I think not. > >B. You can't run Prodigy on the Amiga (unless you have a BridgeBoard) > so, aside from the "urban folklore" aspect of all this, who cares? > >I expect to see this story in next weeks National Enquirer, right under >the "Alien gives birth to Elvis' baby" story. Sheesh. > >Commercial computer services like GEnie. Prodigy, Compuserve, BIX, etc. >have a LOT of $$$ invested and they all have a lot of competition. So they >can ill afford to have such horrendous PR headaches which can send users >scurrying to the competition (and Prodigy learned this first hand when >their censorship flap (combined with a coincidentally timed change/drop >in GEnie prices) caused quite a few Prodigy folks to switch to GEnie.) > >I will be most surprised if, when someone without an axe to grind actually >runs a test of this stuff, it is found that Prodigy is/was really doing >what this all suggests. > >Brian > > ----------------------------------------------------------------------- > | Brian Jackson Software Engineer, Commodore-Amiga Inc. GEnie: B.J. | > | bj@cbmvax.cbm.commodore.com or ...{uunet|rutgers}!cbmvax!bj | > | "does logic really go hand-in-hand with computer-literacy??" | > ----------------------------------------------------------------------- Something that hasn't been proposed in this thread: Maybe the alleged "snooping" information gets in your disk files because it just happened to be in memory before prodigy was used. If you run a program, like 1-2-3 or DBase, it is going to access your confidential and personal information and put it in RAM. Along comes prodigy software and inadvertently writes it to disk along with what it intended to write... -- **************************************************** * I want games that look like Shadow of the Beast * * but play like Leisure Suit Larry. * ****************************************************
arctngnt@amiganet.chi.il.us (Bowie J Poag) (05/11/91)
Kinda strange that Prodigy would be a bit "secretive" about that.. Ive been hearing from all over the place that this drive checking via prodigy has something to do with software piracy. Now theres a novel thought. Consider this: If they, (Prodigy) are able to do that, checking your drives I mean, what other services are doing this? As far as im concerned, being an Amiga owner who has to resort to going out and buying either a Mac or an IBM emulator/Bridgeboard just to USE Prodigy, for one, its not worth it.. 2, they havent been very cooperative in releasing an amiga version of the link software. Such is the reason why I dont like Prodigy. Then again, is their ANY online service worth being on anymore? Arctangent