----- Original Message ----- From: "Chris Brenton" <cbrenton@chrisbrenton.org> To: <nanog@merit.edu> Sent: Friday, October 24, 2003 8:31 AM Subject: Re: AOL fixing Microsoft default settings
Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it exploitable?
I think the intention is admirable, but it has the potential to be a real nightmare if implemented incorrectly. The fact that it can all happen without the knowledge of the end user means even a savvy users could get whacked if the underlying structure is insecure.
AOL has a new function as of 8.0 IIRC that allows them to do repairs and make changes to a users computer using the AOL Computer Checkup (I forget if thats what its actually called, or something like that). Users can use it to fix DUN errors, IE errors, GPF errors, etc. It appears to be an ActiveX control in IE and is probably being used to do this change to the messenger service. I haven't had time to sit there with a packet sniffer to see what it does or how it works exactly. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org ICQ: 8077511