Yessir, I just double-checked my newly installed WinXP Pro machine, and low
and behold - there's free.aol.com. I quickly removed it, duh, thanks for
the heads-up! I wonder how many of us will do this in the next 10 mintes?
Happy Tuesday all,
----------------------------------------|
Ralph M. Los
Sr. Security Engineer and Trainer
EnterEdge Technology, L.L.C.
rlosat_private
(770) 955-9899 x.206
----------------------------------------|
::-----Original Message-----
::From: mikedat_private [mailto:mikedat_private]
::Sent: Monday, April 08, 2002 10:19 PM
::To: incidentsat_private
::Subject: AIM Backdoor?
::
::
::
::Repost attempt, dunno why it didnt go through the first time.
::
::
::
::I have had AIM installed here at work for a while. While
::trying to repair the security zone settings on a users PC by
::comparing them to my own, I noticed that free.aol.com had
::been added to Internet Explorers "Trusted Sites" zone.
::
::If a simple minded user clicks one of the many "Free AOL and
::Unlimited Internet" icons on their system, or one of the
::5,800 links to this domain that google turns up, AOL can run
::the code of their choice without prompting.
::
::Anyone care to verify my findings or find a CSS vulnerability
::on free.aol.com? Does an employee of AOL care to comment?
::
:: -Mike
::
::
::--------------------------------------------------------------
::--------------
::This list is provided by the SecurityFocus ARIS analyzer
::service. For more information on this free incident handling,
::management
::and tracking system please see: http://aris.securityfocus.com
::
::
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 11:52:07 PDT