There are also instances where netscape or IE can send your
username and encrypted password to an abitrary server on the net.
a tag like file:\\server\share in html when on NT or 95 convinces
the OS to try and connect to the server using SMB (ie windows file
sharing) and part of this entails sending the username/password.
There is a site on the net where you browse a page and it TELLS
YOU your username and encrypted password! (cant remember URL)
the solution is to run behind a firewall and not allow netbios to
>>> Christopher Curtis <ccurtis @
On Tue, 15 Apr 1997, Harry Munir Behrens wrote:
> Mike's mail is obviously meant as a joke! Of course M$ is NOT
> to scan for a copy of Netscape Navigator and infect it with a
> automatically debit your creadit card!
Just in case there is any confusion (while the sarcasm level on
may be high, its apparency is not) there are pages that have
Active-X controls that when visited by MSIE (the only browser
supporting Active-X) they will, in fact, scan your harddrive for a
Quicken or MS-Money and set them up to automatically debit your
transferring funds from your account to theirs. Of course, in
this to happen, you have to allow the Active-X through (most
off the dialog boxes anyhow, so this _is_ a problem) and do online
banking. I don't know the number of people who fit this profile,
possibility is out there. There are also pages that if visited
on an Intel machine will shut the machine off, or at least, close
operating system (some computers will turn off when Win95 exits).
Likewise, it would be trivial to put a virus on your computer
methods. "Gee, what is this 'readme.doc'? I don't remember
that..." This can be considered a biased opinion, but anyone
interested in security (such as those on a firewall list) should
products and especially "innovations" as the dearth of security
Then again, when dealing with MS, the firewall is probably the
of defense. Too bad not everyone will set up a (non-MS) firewall
Flames to /dev/null,