Bugtraq mailing list archives
Re: Altavista Free Internet Security
From: london222 () NETZERO NET (Bill)
Date: Mon, 17 Jan 2000 17:28:19 -0500
You can't run a trusted client on an untrusted machine. A hostile user has complete access to the machine state, including memory, stack, and register values. He/she can log all communication between the client and the server and create a fake client that duplicates the "authentification" procedure of the real client, but without displaying ads. It's a lost cause, but luckily for the people running the free Internet access programs, most users won't do this. __________________________________________ NetZero - Defenders of the Free World Get your FREE Internet Access and Email at http://www.netzero.net/download/index.html
Current thread:
- Re: Hotmail security hole - injecting JavaScript using <IMG Kevin Hecht (Jan 03)
- Re: Hotmail security hole - injecting JavaScript using <IMG Henrik Nordstrom (Jan 04)
- Re: Hotmail security hole - injecting JavaScript using <IMG Metal Hurlant (Jan 05)
- Re: Hotmail security hole - injecting JavaScript using <IMG Ajax (Jan 05)
- Re: Hotmail security hole - injecting JavaScript using <IMG Andrew Pimlott (Jan 07)
- Re: Hotmail security hole - injecting JavaScript using <IMG Eivind Eklund (Jan 08)
- IIS still revealing paths for web directories Vanja Hrustic (Jan 10)
- Re: IIS still revealing paths for web directories Vladimir Dubrovin (Jan 12)
- Re: IIS still revealing paths for web directories Chris Tobkin (Jan 12)
- Altavista Free Internet Security Plex Inphiniti (Jan 14)
- Re: Altavista Free Internet Security Bill (Jan 17)
- Trusted process on an untrusted machine? Mike Frantzen (Jan 18)
- Re: Trusted process on an untrusted machine? Pavel Machek (Jan 19)
- Re: Trusted process on an untrusted machine? Mike Frantzen (Jan 19)
- Re: Trusted process on an untrusted machine? Pavel Machek (Jan 20)
- Re: Hotmail security hole - injecting JavaScript using <IMG Metal Hurlant (Jan 05)
- Re: Trusted process on an untrusted machine? Tim Newsham (Jan 19)
- Re: Trusted process on an untrusted machine? Anonymous Anonymous (Jan 19)
- Re: Trusted process on an untrusted machine? Crispin Cowan (Jan 19)
- Crafted Packets Handling by Firewalls - FW-1 case Ofir Arkin (Jan 19)
- Rh 6.1 initial root password encryption Ken Barber (Jan 20)
- Re: Rh 6.1 initial root password encryption Fabian Kroenner (Jan 22)
- Re: Hotmail security hole - injecting JavaScript using <IMG Henrik Nordstrom (Jan 04)