[13406] in bugtraq
Re: Altavista Free Internet Security
daemon@ATHENA.MIT.EDU (Bill)
Tue Jan 18 12:38:54 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <001e01bf613a$29939b00$029dfea9@nd1hp>
Date: Mon, 17 Jan 2000 17:28:19 -0500
Reply-To: Bill <london222@netzero.net>
From: Bill <london222@NETZERO.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
You can't run a trusted client on an untrusted machine.
A hostile user has complete access to the machine state, including
memory, stack, and register values. He/she can log all communication
between the client and the server and create a fake client that
duplicates the "authentification" procedure of the real client, but
without displaying ads.
It's a lost cause, but luckily for the people running the free
Internet access programs, most users won't do this.
__________________________________________
NetZero - Defenders of the Free World
Get your FREE Internet Access and Email at
http://www.netzero.net/download/index.html
