[27277] in bugtraq
RE: CommonName Toolbar potentially exposes LAN web addresses
daemon@ATHENA.MIT.EDU (Eric Stevens)
Thu Oct 3 16:35:31 2002
From: "Eric Stevens" <mightye@mightye.org>
To: "Support" <Support@Commonname.com>, <bugtraq@securityfocus.com>
Date: Thu, 3 Oct 2002 11:18:43 -0400
Message-ID: <LKECKOOCIJJCLJLDDELLOEEGCFAA.mightye@mightye.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <D30A89EAD3D26E45963F36E2C431B9F43FC76C@exchange1.Commonname.com>
In fact, I noticed the "Resolve Local Intranet Names" option, altering its
setting had no noticeable effect on behavior.
Further, I ran the uninstaller with all other applications closed, and
although the options for CommonName were removed from within Internet
Explorer, local addresses were still being routed to the CommonName website.
Rebooting the machine and attempting to delete the CommonName folder in
Program Files before opening any applications, I was denied the ability as
the Babe DLL was already in use, thus the reason I used ACL's to deny access
to that folder.
-----Original Message-----
From: Support [mailto:Support@Commonname.com]
Sent: Thursday, October 03, 2002 11:15 AM
To: Eric Stevens; bugtraq@securityfocus.com
Subject: RE: CommonName Toolbar potentially exposes LAN web addresses
Thank you for your email,
Intranet resolution with CommonName can be activated by opening IE, clicking
on
Tools > Internet Options > Advanced
Then scroll down to the CommonName section and selecting Resolve Local
Intranet Names.
With this feature activated Intranet names are not routed to CommonName for
checking against our database of keywords.
