Built into the corporate product is the ability to report intrusions
to a centralized
console. We are looking to add this feature to our consumer product
in the future, as described in article
q000116. Unfortunately, pre-release aspects of
this that we made available only to beta customers have 'leaked'
out to a general release. This bug is cosmetic only, but it
has worried some people.
This bug only affects versions 1.9.2 (beta) and 1.9.4 (release).
In version 1.9.2-1.9.4, a bug in the user interface would accidentally
attempt to enable the options for consumer users.
The entries in the "blackice.ini"
configuration file look something like:
icecap.url = http://snitch.networkice.com:88
...
The bug happens when the user clicks on the ICEcap tab, then
clicks on another tab or "Apply". Accidentally, the system will
add entries to "blackice.ini".
However, these entries are harmless for several reasons:
- The product is not able to act upon these entries unless
the user knew exactly how to enable them by manually
editing the file.
- In the latest version (1.9.6) the reporting code has
actually been removed, so even knowlegeable users
cannot activate this feature.
- Even if the product attempted to report, it still
wouldn't work because 'snitch.networkice.com' doesn't
exist (and has never existed). This domain name
does not resolve to an IP address. (The 1.9.4 beta
would indeed attempt to resolve this domain name,
but fail).
You can verify this yourself by attempting
to ping snitch.networkice.com.
- Even if the DNS name resolved to an IP address,
we have no server that would accept these incoming
reports at port 88. You could verify this yourself
by TCP port scanning our address ranges.
Our intention is to set up a server that customers, on a voluntary
basis, can forward us alerts. Some people have proposed the
word "snitch" implies tattling on
unlicensed/illegal
copies of our product, or that it would snitch on the activities
of our users. That is not the case; instead the name 'snitch'
was an in-house code-name implying that our customers
would report to us about hacker intrusions, thereby 'snitching'
on the hackers. Users might want to consult the software privacy policy
page for more information on this topic.
As mentioned above, this new feature has not yet been scheduled to go
online. We put it into a beta version (1.9.2)
to allow customers who wanted to try out this feature to
do so. Unfortunately, we never got around to that phase of testing
(we never did setup the 'snitch' server), and we didn't
disable it correctly in the user interface for the release (1.9.4).
