What's in YOUR network?
Filed in archive Security by Scott Wilson on March 16, 2009
© Alexander O'Neill
Ghosts in the machines? Wandering monsters? Or just your regular old everyday software, phoning home, spilling corporate secrets or violating privacy policies?

ISC handler Lorna Hutcheson pointed out yesterday that there has been a real dearth of stories lately about commercial software "phoning home" to the parent corporation, a staple of technology beat reporting in years past as intrepid reporters discovered a variety of commercial software sneaking around, using up our bandwidth, and transmitting our deepest, most secret information to vile corporate puppet masters who were surely using it to buttress their already dastardly plans for world domination. Hutcheson speculates that this is not because those corporations have learned their lessons and stopped doing such things, but rather because network traffic has become so complex that no one really notices anymore.

I think there is probably some truth to this, although I think a meta-reason that we do not see these stories is actually that everyone is just used to it now; it's no longer an exception for software to ping back to the manufacturer, but rather the rule. We're either reconciled to it or simply no longer give much consideration to the potential implications of such activity.

Network traffic has become more complicated, however, and partly as a consequence of software expecting and demanding unfettered Internet access in order to operate properly, egress filtering no longer occupies the place it once did in the pantheon of IT security standards. It's certainly worth revisiting, as Hutcheson suggests.

Oddities rambling about the corporate networks are hardly a new phenomenon, however. I am put in mind of Steven Bellovin's classic papers "There be Dragons" and "Packets Found on an Internet" (both can be found on his website; entertaining and informative at the same time, I highly recommend them and others of his works) describing oddities found rambling around the tubes back in the late eighties and early nineties. As recently as 2003 or so I could feel pretty comfortable sitting down with a packet sniffer on a random LAN segment and being able to quickly identify most traffic, but even then there were exceptions. Now, again, I fear that the exceptions have become the rule, and the dragons roam freely.
