Computer Underground Digest Volume 3, Issue #3.16 (May 9, 1991)


****************************************************************************
>C O M P U T E R   U N D E R G R O U N D<
>D I G E S T<
***  Volume 3, Issue #3.16 (May 9, 1991)  **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith / Bob Kusumoto
GAELIC GURU:  Brendan Kehoe

+++++ +++++ +++++ +++++ +++++

CONTENTS THIS ISSUE:
File 1: Moderator's Corner
File 2: Is Prodigy snooping thru your hard disk?
File 3: Prodigy under Fire
File 4: Comp.Org.Eff.Talk. comments on Prodigy FYI
File 5: Prodigy's Response to Stage.dat File
File 6: A Few Observations on Prodigy

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.

Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132); (2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators.
Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections.

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators
Subject: Moderator's Corner
Date: May 9, 1991

********************************************************************
*** CuD #3.16: File 1 of 6: Moderators Corner ***
********************************************************************

++++++++++++
Newmail Problems
++++++++++++

There appear to be mailer problems somewhere along the lines. CuD 3.13 was re-sent because of some garbling problems; CuD 3.14 went out of NIU with no problem and we received few bounces, but apparently that issue was gobbled up and only a few received it. A significant number of 3.15s were returned because they could not sneak through a particular gateway. If you are not receiving CuD within a few days of the pub date in the header, let us know.

+++++++++++++
CuD's Old News
+++++++++++++

We are occasionally asked why we print "old news" that has been circulated on the nets for awhile. A recent Usenet survey of all newsgroup use estimates that CuD reaches about 9,300 through usenet. Relatively few sites (210) make CuD available to their users, so the readers-per-site matches that of more-established on-line journals such as RISKS and our progenitor TELECOM-DIGEST. In addition to a mailing list of about 700, we immediately reach about 10,000 with each posting. However, we have about 30 additional non-usenet feeds, and other readers obtain CuD from GEnie, Compuserve, and hundreds of BBSs, including two of the largest in the country (PC-EXEC and AV-SYNC). We also send out various back issues to about a dozen people each month who do not subscribe but simply want specific information.
This means that, for perhaps one third of the readers, CuD may be the only source of news, so what is "old" to most of us fills in gaps for others. We try to assure that those without net access are provided with the basics of stories covered in other digests (thus our policy of reprinting old material) and hard-copy media. Further, some of the posts we print are sent to several other outlets simultaneously, and we sometimes hold these for a week or two prior to publishing. For those who find these stories stale, we apologize, but the feedback from those who are, believe it or not, only now hearing about Sun Devil indicates that, for better or worse, some dated coverage is necessary. So, thanks for not complaining too much.

+++++++++++
Prodigy
+++++++++++

This issue focuses on the problems of Prodigy. As most know by now, Prodigy was criticized last year for apparent censorship and what some felt was high-handed treatment of customers complaining first about Prodigy's billing practices, and next about Prodigy's response to those who complained to other Prodigy users through E-mail. Another problem has arisen. It seems that Prodigy's user-interface, Stage.dat, appears to include bits of private data from users' other files. Thanks to all those who have sent us material. We have selected the most comprehensive to summarize the current brouhaha.

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: The Moderators' <72307.1502@COMPUSERVE.COM>
Subject: Is Prodigy snooping thru your hard disk?
Date: 02 May 91 20:49:57 EDT

********************************************************************
*** CuD #3.16: File 2 of 6: Is Prodigy Snooping? ***
********************************************************************

We recently received the following summary of an article that appeared in the May 1, 1991 issue of the Wall Street Journal. No further citation was given.

As automated access programs become more popular (eg: Compuserve's CIM and GEnie's Aladdin) this issue will become even more worrisome. Not only could your email be compromised, but it is possible that such programs could inventory your hard drive, reporting which applications you have installed, and their serial numbers. Would an organization, such as the SPA, sponsor such a program? Alas there appears to be little (if anything) that would prevent them from doing so.

++++++++++++++++++++++++++++++++++++++

Subscribers to the popular Prodigy computer service are discovering an unsettling quirk about the system: It offers Prodigy's headquarters a peek into users' own private computer files.

The quirk sends copies of random snippets of a PC's contents into some special files in the software Prodigy subscribers use to access the system. Those files are also accessible to Prodigy's central computers, which connect to users' PCs via phone lines.

The service's officials say they're aware of the software fluke. [ We'd use a stronger word than 'fluke' here, but we don't write for the WSJ - CuD ] They also confirm that it could conceivably allow Prodigy employees to view those stray snippets of private files that creep into the Prodigy software. But they insist that Prodigy has never looked at those snippets and hasn't any intention of ever doing so.

"We couldn't get to that information without a lot of work, and we haven't any interest in getting there," says Brian Ek, a Prodigy spokesman.

Nevertheless, news of the odd security breach has been stirring alarm among Prodigy users.
Many have been nervously checking their Prodigy software to see what snippets have crept into it, finding such sensitive data as lawyer-client notes, private phone-lists, and accountants' tax files.

Even though Prodigy users' privacy doesn't appear to have been invaded, the software problem points up the security risks that can arise as the nation races to build vast networks linking PCs via telephone lines.

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Anonymous
Subject: Prodigy under Fire
Date: Thu, 9 May 91 01:22:52 CDT

********************************************************************
*** CuD #3.16: File 3 of 6: Prodigy under Fire ***
********************************************************************

********************************************************************
News of the Earth supplements (ISSN 1052-2239)
Global news and information from electronic and print sources
edited by Regina P Knight, Geert K Marien and John B Harlan
********************************************************************

Subject: Prodigy
Contributed by: Donna B Harlan
                Harlan@IUBACS / Harlan@UCS.Indiana.Edu
News source: Help-Net (BITNET/CREN/Internet Help Resource) on ListServ@TempleVM
Date: Thu, 2 May 91 12:31:52 CST
Original title: Prodigy
and author: Suzana Lisanti
Notes: This was forwarded from Help-Net to Roots-L (Genealogy List) on ListServ@NDSUVM1

***** Start of forwarded material *****

----------------------------Original message------------------------

I'm forwarding this message regarding Prodigy... I have no idea if it's true or not...

------------------ Beginning of forwarded message -----------------

The L. A. County District Attorney is formally investigating PRODIGY for deceptive trade practices.
I have spoken with the investigator assigned (who called me just this morning, February 22, 1991).

We are free to announce the fact of the investigation. Anyone can file a complaint. From anywhere.

The address is:

District Attorney's Office
Department of Consumer Protection
Attn: RICH GOLDSTEIN, Investigator
Hall of Records Room 540
320 West Temple Street
Los Angeles, CA 90012

Rich doesn't want phone calls, he wants simple written statements and copies (no originals) of any relevant documents attached. He will call the individuals as needed, he doesn't want his phone ringing off the hook, but you may call him if it is urgent at 1-213-974-3981.

PLEASE READ THIS SECTION EXTRA CAREFULLY. YOU NEED NOT BE IN CALIFORNIA TO FILE!!

If any of us "locals" want to discuss this, call me at the Office Numbers: (818) 989-2434; (213) 874-4044. Remember, the next time you pay your property taxes, this is what you are supposed to be getting ... service. Flat rate? [laugh]

BTW, THE COUNTY IS REPRESENTING THE STATE OF CALIFORNIA. This ISN'T limited to L. A. County and complaints are welcome from ANYWHERE in the Country or the world. The idea is investigation of specific Code Sections and if a Nationwide Pattern is shown, all the better.

LARRY ROSENBERG, ATTY

Prodigy: More of a Prodigy Than We Think?
By: Linda Houser Rohbough

The stigma that haunts child prodigies is that they are difficult to get along with, mischievous and occasionally, just flat dangerous, using innocence to trick us. I wonder if that label fits Prodigy, Sears and IBM's telecommunications network?

Those of you who read my December article know that I was tipped off at COMDEX to look at a Prodigy file, created when Prodigy is loaded: STAGE.DAT. I was told I would find in that file personal information from my hard disk unrelated to Prodigy. As you know, I did find copies of the source code to our product FastTrack, in STAGE.DAT.
The fact that they were there at all gave me the same feeling of violation as the last time my home was broken into by burglars.

I invited you to look at your own STAGE.DAT file, if you're a Prodigy user, and see if you found anything suspect. Since then I have had numerous calls with reports of similar finds, everything from private patient medical information to classified government information.

The danger is Prodigy is uploading STAGE.DAT and taking a look at your private business. Why? My guess is marketing research, which is expensive through legitimate channels, and unwelcomed by you and I. The question now is: Is it on purpose, or a mistake? One caller theorizes that it is a bug. He looked at STAGE.DAT with a piece of software he wrote to look at the physical location of data on the hard disk, and found that his STAGE.DAT file allocated 950,272 bytes of disk space for storage.

Prodigy stored information about the sections viewed frequently and the data needed to draw those screens in STAGE.DAT. Service would be faster with information stored on the PC rather than the same information being downloaded from Prodigy each time.

That's a viable theory because ASCII evidence of those screen shots can be found in STAGE.DAT, along with AUTOEXEC.BAT and path information. I am led to believe that the path and system configuration (in RAM) are diddled with and then restored to previous settings upon exit. So the theory goes, in allocating that disk space, Prodigy accidentally includes data left after an erasure (As you know, DOS does not wipe clean the space that deleted files took on the hard disk, but merely marks the space as vacant in the File Allocation Table.)

I received a call from someone from another user group who read our newsletter and is very involved in telecommunications. He installed and ran Prodigy on a freshly formatted 3.5 inch 1.44 meg disk.
Sure enough, upon checking STAGE.DAT he discovered personal data from his hard disk that could not have been left there after an erasure. He had a very difficult time trying to get someone at Prodigy to talk to about this.

--------------

Excerpt of email on the above subject:

THERE'S A FILE ON THIS BOARD CALLED 'FRAUDIGY.ZIP' THAT I SUGGEST ALL WHO USE THE PRODIGY SERVICE TAKE ***VERY*** SERIOUSLY. THE FILE DESCRIBES HOW THE PRODIGY SERVICE SEEMS TO SCAN YOUR HARD DRIVE FOR PERSONAL INFORMATION, DUMPS IT INTO A FILE IN THE PRODIGY SUB-DIRECTORY CALLED 'STAGE.DAT' AND WHILE YOU'RE WAITING AND WAITING FOR THAT NEXT MENU TO COME UP, THEY'RE UPLOADING YOUR STUFF AND LOOKING AT IT.

TODAY I WAS IN BABBAGES'S, ECHELON TALKING TO TIM WHEN A GENTLEMAN WALKED IN, HEARD OUR DISCUSSION, AND PIPED IN THAT HE WAS A COLUMNIST ON PRODIGY. HE SAID THAT THE INFO FOUND IN 'FRAUDIGY.ZIP' WAS INDEED TRUE AND THAT IF YOU READ YOUR ON-LINE AGREEMENT CLOSELY, IT SAYS THAT YOU SIGN ALL RIGHTS TO YOUR COMPUTER AND ITS CONTENTS TO PRODIGY, IBM & SEARS WHEN YOU AGREE TO THE SERVICE.

I TRIED THE TESTS SUGGESTED IN 'FRAUDIGY.ZIP' WITH A VIRGIN 'PRODIGY' KIT. I DID TWO INSTALLATIONS, ONE TO MY OFT USED HARD DRIVE PARTITION, AND ONE ONTO A 1.2MB FLOPPY. ON THE FLOPPY VERSION, UPON INSTALLATION (WITHOUT LOGGING ON), I FOUND THAT THE FILE 'STAGE.DAT' CONTAINED A LISTING OF EVERY .BAT AND SETUP FILE CONTAINED IN MY 'C:' DRIVE BOOT DIRECTORY.

USING THE HARD DRIVE DIRECTORY OF PRODIGY THAT WAS SET UP, I PROCEEDED TO LOG ON. I LOGGED ON, CONSENTED TO THE AGREEMENT, AND LOGGED OFF. REMEMBER, THIS WAS A VIRGIN SETUP KIT.

AFTER LOGGING OFF I LOOKED AT 'STAGE.DAT' AND 'CACHE.DAT' FOUND IN THE PRODIGY SUBDIRECTORY. IN THOSE FILES, I FOUND POINTERS TO PERSONAL NOTES THAT WERE BURIED THREE SUB-DIRECTORIES DOWN ON MY DRIVE, AND AT THE END OF 'STAGE.DAT' WAS AN EXACT IMAGE COPY OF MY PC-DESKTOP APPOINTMENTS CALENDAR.

CHECK IT OUT FOR YOURSELF.
### END OF BBS FILE ###

I had my lawyer check his STAGE.DAT file and he found none other than CONFIDENTIAL CLIENT INFO in it.

Needless to say he is no longer a Prodigy user.

Mark A. Emanuele
V.P. Engineering
Overleaf, Inc.
218 Summit Ave
Fords, NJ 08863
(908) 738-8486
emanuele@overlf.UUCP

***** End of forwarded material *****

********************************************************************
Think globally, act locally
********************************************************************

News of the Earth (ISSN 1052-2239) consists of three components

NewsE-D  Distribution  Global news and information from shortwave radio broadcasts
NewsE-L  Letters       News and reaction from readers
NewsE-S  Supplements   Global news and information from electronic and print sources

available separately by free subscription from

ListServ@IndyCMS (CREN)
ListServ@IndyCMS.IUPUI.Edu (Internet)

********************************************************************

News of the Earth supplements are edited by

Regina P Knight: RPKnight@USMCP6 (CREN)
Geert K Marien:  GKMXU@CUNYVM (CREN)
                 GKMXU@CUNYVM.CUNY.Edu (Internet)
John B Harlan:   IJBH200@IndyVAX (CREN)
                 IJBH200@IndyVAX.IUPUI.Edu (Internet)

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: "D.Baswell@adacp.com"
Subject: Comp.Org.Eff.Talk. comments on Prodigy FYI
Date: Sat, $ May 91 09:01:08 GMT

********************************************************************
*** CuD #3.16: File 4 of 6: Assorted Comments on Prodigy ***
********************************************************************

I find these posts from comp.org.eff.talk interesting. Hope you do too.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

(Begin Posts):

Subject: Re: Prodigy charged with invading users' privacy
Date: 1 May 91 05:17:34 GMT
Sender: usenet@pcserver2.naitc.com (News Poster for NNTP)

in article <1991Apr30.225133.8165@craycos.com> jrbd@craycos.com (James Davies) writes:
>> I received a call from someone from another user group who read
>>our newsletter and is very involved in telecommunications. He
>>installed and ran Prodigy on a freshly formatted 3.5 inch 1.44 meg
>>disk. Sure enough, upon checking STAGE.DAT he discovered personal data
>>from his hard disk that could not have been left there after an
>>erasure.
>
>Question: was he using an unused disk, or did he just reformat an old
>one, assuming that it would be wiped clean?
>
>Could some Prodigy user out there try this experiment again, this
>time using a verifiably empty disk? I get the feeling that this hasn't
>exactly been a controlled experiment so far...

Note one thing well: All formats on a floppy disk ARE LOW LEVEL FORMATS. That is, all data is physically erased, sector marks are rewritten, the whole works.

It is not possible on a DOS machine to issue a "FORMAT A:" and have any data retained on the diskette from prior use.

Try it. You'll see that this is the case.

To do a controlled test, do the following:

1) Bulk erase and then format a floppy diskette. NO CHANCE of any residual data on the disk surface after this.

2) Run a "cleandisk" program to write ZEROS to all unallocated areas of the fixed disk in the machine. This will guarantee that all unallocated areas, which may be used for scratch buffers, have no data on them. The tail end of files are irrelevant -- that's an ALLOCATED area and should not be touched by the software if it's being "honest".

3) Install Prodigy on the floppy disk. Do not touch the hard drive, or run any software from it. Work >only< on the floppy disk.

4) Call Prodigy. Spend an hour or two online.
   Give 'em plenty of time to hose you if they're going to.

5) Sign off and look at STAGE.DAT on the floppy disk.

Alternately, after cleaning the disk, install the Prodigy software on the fixed disk. DO NOT ACCESS ANY OTHER PROGRAMS OR DATA. Immediately run Prodigy, dial in, and use it for a couple of hours. Then check STAGE.DAT on the fixed disk. Since you zeroed all unallocated areas on the drive before you began, there is no way the STAGE.DAT file could have gotten private data in it unless the software is scanning your fixed disk drive.

This should provide rather conclusive proof one way or the other.

I'm not a Prodigy subscriber, or I'd try this...

Subject: Re: Prodigy charged with invading users' privacy (was Re:
Date: 1 May 91 21:07:40 GMT

> zane@ddsw1.MCS.COM (Sameer Parekh) writes:
>
> Thank you for posting that. I had previously thought that Prodigy
>was simply a dumb service. Now I am committed to the education of people to
>stop using Prodigy. I will be writing an 'information sheet' which I will
>distribute so that we can educate those who are not on the net. I will post
>it here first so that I may get feedback on how it is.
> (I didn't hear about it from this post, a friend who obviously read
>this post told me about it.)

The evidence presented so far has been in a word "SHODDY". Before you go making statements about this matter I would advise you to investigate more fully. Telling people not to use this service because of a supposedly found problem that later turns out to be false opens the possibility of being sued for LIBEL. You could be sued for loss of revenue for each and every user you convince to discontinue or not use the service. This includes lost advertising revenue.

The "litmus" tests I have seen so far are invalid. They show a lack of understanding of all the possible ways for this to happen (and there are many!)

The proper test should be:

1: wipe the hard disk clean -- i.e. low level reformat or wipedisk etc.
   Note: This should be done to any and all disks, partitions, etc on the system. (Or remove them)

2: insure all disks are clean!!

3: install test files to look for (if needed). Do not delete anything. Do not use any disk compressor. Just copy the files onto the disk.

4: POWER OFF the machine. Wait 10 min. (Yes, 10 MIN!)

5: Turn machine on and verify memory is clear. Don't do anything except what is listed here. Especially don't go looking at files. Don't do anything that might bring a file into memory or a disk buffer.

6: install prodigy

7: run prodigy for a period of time (1 hour or so)

8: NOW check the STAGE.DAT file.

An even better test would be to monitor the data being sent back to Prodigy.

Subject: Re: Prodigy charged with invading users' privacy
Date: 2 May 91 16:03:52 GMT

Now that there is some more reliable data on the STAGE.DAT "controversy", I hope that everyone will settle down and stop accusing Prodigy of spying on them. It appears that the "stolen personal data" in the file was, as several people have speculated, just leftover pieces of deleted files.

However, what nobody seemed to notice in all of this hysteria is that Prodigy doesn't need to move data into STAGE.DAT in order to "steal" it. They could just as easily have just directly snatched your client lists and accounting records without buffering it to another file first (in fact, a truly sneaky system would have done just that, I would say).

There is a lot of trust necessary to use any network software -- for all I know, "rn" could be browsing through my files right this minute. However, there is no reason for me to suspect this, and if it did happen and I discovered it, I'm sure there would be hell to pay for the person responsible. Prodigy is in a position to lose quite a bit if they were found to be illegally spying on their users (can you say "deep pockets"? -- IBM is the Grand Canyon of deep pockets...) It's inconceivable to me that they would be pursuing such a risky policy.
jrbd

++++++++++++++++++++++++

Dear Dr. Pangloss

The stage.dat file is created when you install the prodigy software by pulling random bits from your computer's memory and hard disk erased space. This method is the fastest way to create an "empty" file. As you use the service, reusable service information is stored in the file, overwriting random data stored there initially. When the service can get information from your stage file, rather than from the modem, the service speed is improved.

Thanks for writing

+++++++++++++++++++++++++++++++++++++++++++

Comments:

a. The original message was in upper case.

b. Although the basic outline is probably correct, I somehow doubt that the setup sequence "pulls random bits from your computer's memory.". It's probably using whatever was in the area last. Not quite random. (And not a very nice way to write a program. Me, I'd initialize everything to 0's or 1's.)

c. The moral is clear. Digital is forever. When you erase a file you don't erase anything, you just tell the system that it can reuse the space. Admiral Poindexter can testify to that. (And so can Peter Norton who's saved many a person's skin.)

********************************************************************
>> END OF THIS FILE <<
***************************************************************************

------------------------------

From: FYI
Subject: Prodigy's Response to Stage.dat File
Date: May 5, 1991

********************************************************************
*** CuD #3.16: File 5 of 6: Prodigy's response to Stage.dat File***
********************************************************************

$Moderator's note: We received a number of copies of the following response by Prodigy to the Stage.dat problem.

PRODIGY(R) interactive personal service 05/03/91 10:49 PM

The Privacy of Member Information

Some members have asked recently about the privacy of information they store on their personal computers, as it relates to their use of the PRODIGY service.
I felt this subject was important enough to inform all our membership about it.

Privacy of a member's personal information is of primary importance to us. We know that our members consider this kind of information proprietary, and so do we.

A recent, unsubstantiated and incorrect newspaper report suggested that members' personal information--unrelated to their use of the PRODIGY service--is being transmitted to our host computers from our members' computers. This is simply not true. It never has been.

We have no central computers that access private computer files. The PRODIGY service software does not read, collect, or transmit to the Prodigy Services Company any information or data that is not directly connected with your use of the service.

Member privacy has always been a top priority for Prodigy. Your use of the service can continue with the highest confidence that your personal data will not be accessed by us.

Ted Papes
President, Prodigy Services Company
May 2, 1991

You may have recently read about data from other files appearing inside the STAGE. This is a harmless side effect of DOS file operations and the process by which the PRODIGY STAGE is created.

On the following screens you'll find a discussion of your STAGE.DAT file. If you're interested in the details, please read on. I think you'll be more comfortable once you've read the facts.

Harold Goldes (CBXH97A)
Technical Editor, PRODIGY Star

used by the STAGE has prompted some to speculate that PRODIGY can gain access to that information or other information on a member's hard disk.

Here are the facts:

The PRODIGY software does not examine a member's hard disk as a whole. It does not read files created by other software. It does not read data other than its own. It does not upload files to do this.

The PRODIGY software confines its file operations to a limited and well defined section of your disk: The PRODIGY directory.
When you install the PRODIGY software on your computer we create a unique file on your floppy or hard disk: STAGE.DAT. The STAGE (or STAGE.DAT as it appears in your directory or folder) is a "container". What does it hold?

The STAGE contains frequently used information and instructions that make up PRODIGY applications ("applications" refers to the individual activities available to you on the service; FIND and the Movie Guide, are examples).

Placing portions of applications on the STAGE (and not in other more remote parts of our network) puts them close to you. Without a storage structure like the STAGE, key components of an application would be sent to your computer whenever you visited the application. This adds transmission time. Placing them on your computer saves time.

When you install the DOS version of the PRODIGY software, you have the choice of creating the STAGE in a range of sizes from about 160Kb to 950Kb. For Macintosh users there is one size: 200,064 bytes.

If a member installs to a floppy disk(s), the STAGE may vary in size. These intermediate sizes depend on several factors including the capacity of the disk and the version of DOS.

Once it's been created, the STAGE never changes its size. But the date and time stamp on the STAGE does change and is updated at the end of every PRODIGY session. This reflects the fact that during your session we read PRODIGY content from it and write updated PRODIGY content to it.

To improve performance during your session, certain frequently used parts of the service are always "staged". A larger STAGE, should you choose one, permits a growing inventory of applications to reside on your computer. Because our software adapts itself to you, some of the content you use regularly can become staged.

Whenever and wherever you logon to the Prodigy service, we check to see if you've got the latest versions of a variety of programs and data that reside in the STAGE. If not we send you what you need.
You don't have to ask for new disks. And you don't have to reinstall.

Some members use RAMdisks to improve performance. A RAMdisk is a "disk drive" made from memory (RAM) not from mechanical parts. It's faster than its physical counterpart but can more easily lose data. For that reason we don't recommend using a RAMdisk.

However here's something to keep in mind if you're going to do it anyway. A RAMdisk is volatile. If you turn your machine off, the information stored on the RAMdisk evaporates. As you may be receiving an update each time you sign on, be sure to save the updates. To do this, copy the file named STAGE.DAT back to your PRODIGY directory before you hit that switch.

Members often ask about the need to update the PRODIGY software on their PRODIGY installation disks. There is no need to update the original installation disks. Use those disks (or backup copies) to install the software on any computer you use to sign on to the PRODIGY Service. Then, when you sign on for the first time, the service will automatically update the PRODIGY software.

Suppose you have two computers and use them both to access the service. Let's say you use one more frequently than the other. Each of your computers will get updates, if needed, when you use them. The machine used most frequently will be updated steadily (almost imperceptibly) by increments. When you use the other machine, you might notice a delay during logon because it's receiving a greater amount of updated information all at once.

There's a practical limit to the kinds of changes we can make automatically to an existing version of the software. If you've ever tried adding air conditioning to a car you bought without it, you'll understand this; sometimes it's best to start over with the really useful options built in. So over time when we make extensive improvements to the PRODIGY software, we may send you a new set of disks.
From time to time members using the DOS version of the PRODIGY software see information from "other" (non-PRODIGY) applications in the disk space used by STAGE.DAT. Data from non-PRODIGY files is never actually part of STAGE.DAT. More importantly it is never accessed or uploaded by the PRODIGY software.

There are two ways in which extraneous data can appear in the STAGE.

In the first case, the data was originally located in areas of the hard disk once used by other software. At one point in the past, this data was erased.

When you erase a file, PC-DOS or MS-DOS (the operating system for personal computers) does not remove the file's contents from your disk. Instead it only marks the space used by the file as now "available for use". In doing this, it gives other software permission to reuse that space. Until that space is used by its new owner, the old data remains. This is why certain "unerase" software packages can recover accidentally deleted files.

When you install the PRODIGY software, it asks DOS to supply disk space for the STAGE.DAT file. Depending on the size of the STAGE you choose, this is usually a request for anywhere between 160Kb to 1 Mb.

DOS then checks its inventory of available disk sectors, finds the space and reserves it for its new owner: STAGE.DAT. But DOS leaves any old data in that space intact. Please keep in mind that DOS simply supplies the sectors we request (as long as they are available) and does not touch their original contents.

Next, our install program starts filling the space with blocks of PRODIGY information. The PRODIGY install program does not erase any old data because to do so would appreciably lengthen the install process. As a result, old "erased" data may appear in unused space following the blocks (where it's more noticeable) as well as in smaller areas that occur within the blocks (for more on this see "HOW WE USE SPACE" below).
If you chose a large STAGE (anything from 250Kb to 950Kb), chances are that at first, a portion of it will be unused. It is likely that some of the space within that unused portion was used by other software at one time. If so what you'll see if you examine that area will be "leftovers". Over time, the PRODIGY software will write blocks of information to the STAGE replacing whatever is there.

Please keep in mind that the PRODIGY software can only recognize the blocks of information that it puts into STAGE.DAT itself. It does not read, collect, process or transmit "non-PRODIGY data". All disk space containing such data is treated as empty.

Like most major software, to ensure compatibility and reliability when creating, reading and writing files, the PRODIGY software employs standard "services" provided by your computer's operating system.

By viewing the STAGE with certain software tools, members have observed information from non-PRODIGY applications. However the PRODIGY software can neither see this information nor use it. To the PRODIGY software this space is considered "empty" and available for storing PRODIGY data. Over time, as you use the service, this "empty" space is covered by PRODIGY content.

When we store data in the STAGE, we do it via DOS in blocks of a specific size. Let's say that size is 100 bytes. If we store a 120 byte "object" then we use two blocks (or 200 bytes of storage). What we store takes up all of the first block but only 20 bytes of the second block. What happens to the remaining 80 bytes of the second block? Whatever was there originally remains. If that block was built on a previously used sector, 80 bytes of "old" data will be seen.

There's a second way in which extraneous data may appear within the disk space used by the STAGE. When the STAGE is being created, certain "control" areas may incorporate information that was in your computer's memory (RAM). These areas are used by the STAGE itself to keep track of its own contents.
This extraneous data may include non-erased data or data from another disk. You may observe the names of directories, your PATH, or information from the software you were using just before you installed the PRODIGY software. To minimize the occurrence of this data within the STAGE, just turn your PC off, wait 15 seconds then turn it on again before installing the PRODIGY software.

In short, extraneous information can appear in the disk space used by the STAGE and yet not actually be part of it. The appearance of this "non-PRODIGY data" is a side effect of DOS file operations or the process by which the STAGE is created. But, like a bottle containing oil and water, this disk space STAGE can contain both PRODIGY and non-PRODIGY data which are different and remain separate. The PRODIGY software does not read information created by other software. And it does not read data other than its own.

Nevertheless some members have tried to delete non-PRODIGY data from the STAGE by using file editors. Modifying the contents of the STAGE file will do more harm than good. To maintain the integrity of the STAGE, we use special techniques that detect alteration of its contents. Changing the contents of the STAGE with a software tool (like an editor) will render the STAGE unusable. You'll have to reinstall the PRODIGY software.

For those members who are concerned by even the appearance of extraneous data within the STAGE, we are preparing a utility to eliminate non-PRODIGY data from the STAGE.

No extraneous information appearing within the disk space used by STAGE.DAT is known to or used by PRODIGY. The only information used by the PRODIGY software is what is needed for the installation and operation of the software.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators
Subject: A Few Observations on Prodigy
Date: 8 May, 1991

********************************************************************
*** CuD #3.16: File 6 of 6: A Few Observations on Prodigy ***
********************************************************************

Prodigy customers can decide for themselves whether they are satisfied with the service, and the internal policies of a commercial system are normally of little direct CU interest. Here, however, we see at least two issues that potentially touch the rest of us.

First, whatever the inadequacy of Prodigy's software or the tarnish on their public image, the stage.dat case raises the same issues that "hackers" have been raising for over a year. The legitimate concerns of users regarding the potential danger to privacy seem over-ridden by the same hysteria and "lynch mob" mentality that has accompanied law enforcement attention to the CU. Prodigy may not be the most sympathetic of victims, but they seem to be victimized by the same excesses, this time from the private sector, as other individuals received from law enforcement. Prodigy management may not handle its crises well, but this is not a crime, and using a flaw in a program to impute broader motives reminds us of how prosecutors distorted the significance of the E911 files, how AT&T fabricated the value of "losses," or how prosecutors creatively misconstrued facts or legal language to finagle a version of reality to their liking.

A second issue, one more chilling, was raised by Emmanuel Goldstein of 2600 Magazine. If user-interface software can access information on a hard drive, consider this scenario: A serial killer is suspected of being a computerophile.
A "psychological profile" has narrowed down possible suspects who may have an account on a system (like Prodigy) that essentially takes temporary control of a system while the user is logged on. Under existing law, can investigators use such systems to "invade" the hard drives of suspects looking for potential evidence? And, if so, how can this evidence be used? Now, substitute "serial killer" for "hacker," "pirate," or "marijuana user."

Take another example. If the Secret Service engages in video taping of the kind it did in Summercon '88 without significant public outcry, how hard would it be to engage in comparable monitoring of "suspects" hard drives? We have seen from Sun Devil and other operations (eg, Steve Jackson Games) how easily search or seizure affidavits can distort "reality." A year ago we would have thought the possibility of hard drive snooping absurd. But, we also would have disbelieved that the SS would poke holes in motel rooms to video tape 15 hours of people eating pizza and drinking beer.

The crucial question of Prodigy's stage.dat is not an individual company's policies, but rather the ability for such programs to be used by those with the power to abuse it.

********************************************************************
********************************************************************

------------------------------

                         **END OF CuD #3.16**
********************************************************************
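
Added example, not part of the original digest and not Prodigy's software: a constructed Python model of the allocation and block-slack behaviour described in File 5 (Prodigy's response), using the 100-byte block and 120-byte object from its own illustration. `ToyDisk`, `demo` and the sample "other application" bytes are assumptions made for the example; the `wipe` option shows that zero-filling space at allocation leaves no leftover data in the file.

```python
BLOCK = 100  # block size taken from the text's illustration ("Let's say that size is 100 bytes")

class ToyDisk:
    """Constructed model of a DOS-style volume: deleting frees blocks without clearing them."""
    def __init__(self, nblocks):
        self.data = bytearray(nblocks * BLOCK)
        self.free = list(range(nblocks))

    def allocate(self, nblocks, wipe=False):
        """Reserve blocks for a file; old contents survive unless wipe=True."""
        if nblocks > len(self.free):
            raise ValueError("disk full")
        got, self.free = self.free[:nblocks], self.free[nblocks:]
        if wipe:
            for b in got:
                self.data[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        return got

    def write(self, blocks, payload):
        """Write payload across the blocks; the tail of the last block is left untouched."""
        if len(payload) > len(blocks) * BLOCK:
            raise ValueError("payload larger than allocation")
        for i, b in enumerate(blocks):
            chunk = payload[i * BLOCK:(i + 1) * BLOCK]
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk

    def delete(self, blocks):
        """'Erase' a file as the text describes: mark the space available, keep the bytes."""
        self.free = sorted(self.free + blocks)

    def read(self, blocks):
        return b"".join(bytes(self.data[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)

def demo(wipe):
    """Return (slack of the last written block, never-written blocks) of the new file."""
    disk = ToyDisk(8)
    old = disk.allocate(4)
    disk.write(old, b"PATH=C:\\DOS;C:\\LETTERS " * 16)  # constructed "other application" data
    disk.delete(old)
    stage = disk.allocate(4, wipe=wipe)   # pre-sized cache file reuses the freed blocks
    disk.write(stage[:2], b"P" * 120)     # 120-byte object -> 2 blocks, 80 bytes of slack
    raw = disk.read(stage)
    return raw[120:2 * BLOCK], raw[2 * BLOCK:]

if __name__ == "__main__":
    for wipe in (False, True):
        slack, unused = demo(wipe)
        print("wipe=%s slack=%r unused_has_old_data=%s" % (wipe, slack[:23], any(unused)))
```
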
