nanog mailing list archives
Re: AOL fixing Microsoft default settings
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: 24 Oct 2003 08:31:04 -0400
On Fri, 2003-10-24 at 00:22, Jared Mauch wrote:
On Fri, Oct 24, 2003 at 12:13:59AM -0400, Sean Donelan wrote:http://www.securityfocus.com/news/7278 How many other ISPs intend to follow AOL's practice and use their connection support software to fix the defaults on their customer's Windows computers?Sounds good to me. The potential for these users to be less-than-educated enough about the existance of this "feature" means that the potential for this to increase the overall network security is a good thing.
Does anyone know anything about what security has been put in place for this? These quotes troubled me: "So two weeks ago, AOL began turning the feature off on customers' behalf, using a self-updating mechanism in AOL's software." <snip> "Users are not notified of the change..." Is this "mechanism" an SSL connection? HTTP in the clear? AIM? Is it exploitable? I think the intention is admirable, but it has the potential to be a real nightmare if implemented incorrectly. The fact that it can all happen without the knowledge of the end user means even a savvy users could get whacked if the underlying structure is insecure. C
Current thread:
- AOL fixing Microsoft default settings Sean Donelan (Oct 23)
- Re: AOL fixing Microsoft default settings Jared Mauch (Oct 23)
- RE: AOL fixing Microsoft default settings Terry Baranski (Oct 23)
- RE: AOL fixing Microsoft default settings Brian Wallingford (Oct 23)
- Re: AOL fixing Microsoft default settings Chris Brenton (Oct 24)
- Re: AOL fixing Microsoft default settings Brian Bruns (Oct 24)
- RE: AOL fixing Microsoft default settings Terry Baranski (Oct 23)
- Re: AOL fixing Microsoft default settings Michael Loftis (Oct 23)
- Re: AOL fixing Microsoft default settings Christopher L. Morrow (Oct 23)
- Re: AOL fixing Microsoft default settings chuck goolsbee (Oct 23)
- RE: AOL fixing Microsoft default settings Brian Knoblauch (Oct 24)
- Message not available
- Re: AOL fixing Microsoft default settings Fred Baker (Oct 28)
- Re: AOL fixing Microsoft default settings Sean Donelan (Oct 28)
- Re: AOL fixing Microsoft default settings Henry Linneweh (Oct 28)
- Re: AOL fixing Microsoft default settings Daniel Golding (Oct 30)
- Re: AOL fixing Microsoft default settings Fred Baker (Oct 28)
- Re: AOL fixing Microsoft default settings Jared Mauch (Oct 23)
- <Possible follow-ups>
- Re: AOL fixing Microsoft default settings Stewart, William C (Bill), RTSLS (Oct 24)