[4311] in WWW Security List Archive
Re: ActiveX Bank-Quicken Exploit
daemon@ATHENA.MIT.EDU (John Johnson)
Sun Feb 9 17:35:19 1997
Date: Mon, 10 Feb 1997 05:53:22 +1100
To: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
From: John Johnson <novatech@nectar.com.au>
Cc: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 09:15 PM 2/8/97 -0500, you wrote:
>When I lived in Hamburg the local solution to the Chaos Computer
>Club was to pay a visit to a certain bar with five or six heavy lads...
>
>Times have changed...
>
>Its not the vector that is the disaster here - its Quicken. Any program
>run on the machine could be used for fraud.
>
> Phill
>
>
true understanding folks, why did these folks go public???
they knew there exploit would make it too far but that the implications
make everything insecure... now lets not bragg about what would happen
maybe when...
Lets get on with finding a solution shall we???
thank you
John Johnson WWW http://www.novatech.net.au
Tactical Director email novatech@novatech.net.au (business)
NovaTech Internet Security knytmare@nectar.com.au (private)
Australias Leading Dedicated Internet and Network Security Consultants
