Yessir, I just double-checked my newly installed WinXP Pro machine, and low and behold - there's free.aol.com. I quickly removed it, duh, thanks for the heads-up! I wonder how many of us will do this in the next 10 mintes? Happy Tuesday all, ----------------------------------------| Ralph M. Los Sr. Security Engineer and Trainer EnterEdge Technology, L.L.C. rlosat_private (770) 955-9899 x.206 ----------------------------------------| ::-----Original Message----- ::From: mikedat_private [mailto:mikedat_private] ::Sent: Monday, April 08, 2002 10:19 PM ::To: incidentsat_private ::Subject: AIM Backdoor? :: :: :: ::Repost attempt, dunno why it didnt go through the first time. :: :: :: ::I have had AIM installed here at work for a while. While ::trying to repair the security zone settings on a users PC by ::comparing them to my own, I noticed that free.aol.com had ::been added to Internet Explorers "Trusted Sites" zone. :: ::If a simple minded user clicks one of the many "Free AOL and ::Unlimited Internet" icons on their system, or one of the ::5,800 links to this domain that google turns up, AOL can run ::the code of their choice without prompting. :: ::Anyone care to verify my findings or find a CSS vulnerability ::on free.aol.com? Does an employee of AOL care to comment? :: :: -Mike :: :: ::-------------------------------------------------------------- ::-------------- ::This list is provided by the SecurityFocus ARIS analyzer ::service. For more information on this free incident handling, ::management ::and tracking system please see: http://aris.securityfocus.com :: :: ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 11:52:07 PDT