IP: Re: MS strikes yet again and again at security PAY ATTENTION

[David Farber <dave () farber net>]

> From: "Steve Wolfe" <swolfe () codon com>
> To: <farber () cis upenn edu>
> Subject: Re: MS strikes yet again and again at security PAY ATTENTION
> Date: Fri, 30 Mar 2001 17:47:30 -0700
> X-Mailer: Microsoft Outlook Express 5.00.2314.1300
>
> > "Such a
> > > program," Microsoft said, "would be capable of taking any action that the
> > > user himself could take on his machine, including adding, changing or
> > > deleting data, communicating with web sites, or reformatting the hard
> drive."
>
>   Of course, the greatest danger is not that someone will format your hard
> drive, or look at your documents.  While it would be very annoying, the real
> danger is that the malicious person will use the opportunity either to
> directly install a "back-door" onto the computer, or to degrade the
> machine's security in order to install the back-door later.
>
>    Once the back-door is installed, the malicious person can then use your
> computer for further malicious deeds whenever he sees fit, not just when you
> visit their site.  Back-door kits are easily accessible, and often require
> very little expertise to install.  A recent article profiling the average
> day of a cyber-criminal  (http://www.msnbc.com/news/550567.asp) involves
> nothing more than setting up a quick web page to accept credit cards for
> entrance to a fictitious web site, and sending out spam to attract unknowing
> visitors, particularly preying upon those who are new to the Internet.  The
> technique only needs to be modified to execute the back-door installation
> instead of (or even in addition to) accepting the credit card payment.
>
> steve



For archives see: http://www.interesting-people.org/