TVCH FORUMS HOME . JOIN . FAN CLUBS . ABOUT US . CONTACT . CHAT  
Bomis   Quick Links   TOPICS . TREE-VIEW . SEARCH . HELP! . NEWS . PROFILE
Warning about HotBar

The TVClubHouse: General Discussions ARCHIVES: 2004 Nov. - 2005 Jan.: All Things Technical: The Help Desk (ARCHIVES): Warning about HotBar users admin

Author Message
Texannie
Member

07-16-2001

Friday, December 10, 2004 - 7:47 am   Edit Post Move Post Delete Post View Post    
A friend of mine who works for NASA received the following internal NASA memo (from which I’ve deleted the sender’s name). FYI, “JSC” = Johnson Space Center.








To: DL ARES CS; DL ARES LM ALL; DL ARES Long-Term; DL ARES Short-Term
Sent: 12/3/2004 3:38 PM
Subject: Warning about HotBar!
Importance: High

HotBar is a free application that adds graphical "skins" to Internet
Explorer, Outlook and Outlook Express toolbars. It also adds graphics
on the bottom of every email you send out attempting to entice others to
download. On the surface, this program looks neat because you can
"personalize" your application. All these free toolbars, and menus
(HotBar is just one example) come with spyware embedded in them and
should be used with extreme caution.

HotBar has been singled out by the Office of Homeland Security as a high
risk for potential identity theft. In order to download this software,
a user has to create an account with HotBar, thereby giving them data
about themselves and creating a password. After analyzing the logs that
HotBar creates and saves about each user, NSIRC (National Security
Agency's National Security Incident Response Center) has issued a
warning to government agencies about the potential for harm.

In particular, many users from NASA and JSC are listed in HotBar's data.
What this means is that HotBar has data on individuals here at JSC along
with a tracking of every website they have visited since they loaded the
application. Because many users routinely use the same password on more
than one Internet account, and because many Internet accounts are based
on the user ID being an email address, HotBar is sitting on a goldmine
of information. If the information got into the hands of someone
wishing to steal your identity . . . . it just became much easier for
them to accomplish that.

Because of NSIRC's warning, JSC is making moves to block all access to
HotBar from the center. They announced today that HotBar is now
considered an unauthorized application, and downloading it is against
policy. JSC has a list of individuals who have it installed (thanks
to HotBar's data) and will be working with you to clean up your system
in the near future.

There is no need to be in a panic over this, since JSC is blocking this
traffic now. Even if you have it installed, it will not be able to
collect and report data anymore. If you have HotBar on your system and
you don't want to wait for clean up instructions from JSC, there are
removal tools on the Internet. You can also contact me or submit an
ARES-Task for assistance.


ARES (SA13) IT Security
LM Project Manager
NASA JSC