[64462] in North American Network Operators' Group
Re: AOL fixing Microsoft default settings
daemon@ATHENA.MIT.EDU (Brian Bruns)
Fri Oct 24 08:44:50 2003
From: "Brian Bruns" <bruns@2mbit.com>
To: "Chris Brenton" <cbrenton@chrisbrenton.org>, <nanog@merit.edu>
Date: Fri, 24 Oct 2003 08:44:04 -0400
X-SA-Exim-Mail-From: bruns@2mbit.com
Errors-To: owner-nanog-outgoing@merit.edu
----- Original Message -----
From: "Chris Brenton" <cbrenton@chrisbrenton.org>
To: <nanog@merit.edu>
Sent: Friday, October 24, 2003 8:31 AM
Subject: Re: AOL fixing Microsoft default settings
>
> Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it
> exploitable?
>
> I think the intention is admirable, but it has the potential to be a
> real nightmare if implemented incorrectly. The fact that it can all
> happen without the knowledge of the end user means even a savvy users
> could get whacked if the underlying structure is insecure.
>
AOL has a new function as of 8.0 IIRC that allows them to do repairs and
make changes to a users computer using the AOL Computer Checkup (I forget if
thats what its actually called, or something like that). Users can use it
to fix DUN errors, IE errors, GPF errors, etc. It appears to be an ActiveX
control in IE and is probably being used to do this change to the messenger
service. I haven't had time to sit there with a packet sniffer to see what
it does or how it works exactly.
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
ICQ: 8077511
