AOL fixing Microsoft default settings

• Previous message (by thread): AOL fixing Microsoft default settings
• Next message (by thread): AOL fixing Microsoft default settings
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message ----- 
From: "Chris Brenton" <cbrenton at chrisbrenton.org>
To: <nanog at merit.edu>
Sent: Friday, October 24, 2003 8:31 AM
Subject: Re: AOL fixing Microsoft default settings
>
> Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it
> exploitable?
>
> I think the intention is admirable, but it has the potential to be a
> real nightmare if implemented incorrectly. The fact that it can all
> happen without the knowledge of the end user means even a savvy users
> could get whacked if the underlying structure is insecure.
>

AOL has a new function as of 8.0 IIRC that allows them to do repairs and
make changes to a users computer using the AOL Computer Checkup (I forget if
thats what its actually called, or something like that).   Users can use it
to fix DUN errors, IE errors, GPF errors, etc.  It appears to be an ActiveX
control in IE and is probably being used to do this change to the messenger
service.  I haven't had time to sit there with a packet sniffer to see what
it does or how it works exactly.


--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
ICQ: 8077511

• Previous message (by thread): AOL fixing Microsoft default settings
• Next message (by thread): AOL fixing Microsoft default settings
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]