North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: AOL fixing Microsoft default settings
On Fri, 2003-10-24 at 00:22, Jared Mauch wrote: > On Fri, Oct 24, 2003 at 12:13:59AM -0400, Sean Donelan wrote: > > http://www.securityfocus.com/news/7278 > > > > How many other ISPs intend to follow AOL's practice and use their > > connection support software to fix the defaults on their customer's > > Windows computers? > > Sounds good to me. The potential for these users > to be less-than-educated enough about the existance of > this "feature" means that the potential for this to > increase the overall network security is a good thing. Does anyone know anything about what security has been put in place for this? These quotes troubled me: "So two weeks ago, AOL began turning the feature off on customers' behalf, using a self-updating mechanism in AOL's software." <snip> "Users are not notified of the change..." Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it exploitable? I think the intention is admirable, but it has the potential to be a real nightmare if implemented incorrectly. The fact that it can all happen without the knowledge of the end user means even a savvy users could get whacked if the underlying structure is insecure. C
|