North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: AOL fixing Microsoft default settings

  • From: Brian Bruns
  • Date: Fri Oct 24 08:46:48 2003

----- Original Message ----- 
From: "Chris Brenton" <[email protected]>
To: <[email protected]>
Sent: Friday, October 24, 2003 8:31 AM
Subject: Re: AOL fixing Microsoft default settings
>
> Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it
> exploitable?
>
> I think the intention is admirable, but it has the potential to be a
> real nightmare if implemented incorrectly. The fact that it can all
> happen without the knowledge of the end user means even a savvy users
> could get whacked if the underlying structure is insecure.
>

AOL has a new function as of 8.0 IIRC that allows them to do repairs and
make changes to a users computer using the AOL Computer Checkup (I forget if
thats what its actually called, or something like that).   Users can use it
to fix DUN errors, IE errors, GPF errors, etc.  It appears to be an ActiveX
control in IE and is probably being used to do this change to the messenger
service.  I haven't had time to sit there with a packet sniffer to see what
it does or how it works exactly.


--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
ICQ: 8077511