Thursday, January 3, 2008

Strange Connections ... ...

Thank Sean (UCD), I've just discovered these strange connection.... made by Apple and Adobe.




Both Apple and Adobe ask a connection to 192.168.112.2o7.net. If you try a tcp connection on port 80 you can grab the banner discovering that : The IP-Addresses are owned by OMNITURE. What is OMNITURE ?
From this page:


With Omniture, large volumes of data generated by Web sites and other business systems can be captured, stored and analyzed to:
Measure trends and customer behavior in real-time
Provide real-time, high-performance analysis and reporting for all levels of business users
Automate new online processes
Optimize overall business performance
As a result, Omniture customers can more fully leverage the Internet to increase revenues, improve customer service and operational efficiency, and maintain a competitive edge. Omniture has experienced rapid growth as the company's solutions have been adopted across organizations of all sizes and industries. Omniture has been recognized by:
The Inc. 500 List of America's Fastest-Growing Companies
The Deloitte Technology Fast 500


So it's is a "behavioral analytics firm" ..... A "behavioral analytics firm" ?? What the meaning ?? Are they spy us ?
Well I totally agree with he :
The iTunes MiniStore sends data to the same scammy-looking “192.168.112.2o7” Omniture-owned web server that Adobe CS3 apps do. There’s no reason to use a server address like this other than to hope to slip past firewall filters misconfigured to allow traffic matching a wildcard pattern like “192.168.*”.

It's pretty amazing ... well ... I've wrote "pretty" because at-the-end-of-the-day this is the most known security problem of ever. I mean it's Trusting Software. You can trust only your own application !! Moreover, it's not true if you're using high level languages like Java, .NET and so for.. You can not know exactly what 3rd-part softwares are doing on your machine... Again, Diebold voting machines teaches us. So what we can do ? Is it possible analyzing every connection and reverser-engineering every software ? Obviously not. You "may" trust....

Here some interesting reading about that.
blogs.adobe.com
blogs.adobe.com (second interesting post)
uneasysilence.com

No comments: