Ok, I was a bit surprised when, in playing with the new ICQ99a build 1700 v2.13 client (which I believe is the first publicly distributed one of the 99 family), I turned on the "Activate my home page" feature, and turned my laptop into a web server... Complete with a file server that allows by default anything in the "program files\icq\homepage\root\YOUR#\files" folder to be requested. Even set up a guest book, chat service, etc... After getting over being astonished (yea, they said "turning this on might increase people's access to your machine, and tell them your ip address" - of course it will. You're setting up a bloody web server you idiots. A bad one at that.) I naturally started doing some poking. Telnet to your port 80, and enter some non http gibberish. I tried "quit<cr>" for grins. Blam. Down goes the ICQ client with a GPF. Got someone else to turn theirs on, and sure enough, managed to shoot him down too. I warned Mirabilis about it. Folks at institutions that worry about such things, but let their employees run ICQ might want to be aware that said employees might well be running web servers now and not evening know it. On you ICQ contact list, if they're on it, said users show up with a little house next to their name. -- Ron Jarrell VA Tech Computing Center
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:47 PDT