I should also extend my apoligies. My response to the original post
was equally an accident. (I have received several messages about that
and some of them quite angry.) Perhaps I can atone for my sins.
In this morning's newspaper (reference follows), I found an article of
some interest. In it, there was an interview with a beta tester of IE
4.0. Apparently, IE 4.0 - if left unattended - will routinely initiate
a connection to Microsoft. Purportedly, this feature (not a bug, a
feature) allows updates and special web pages to be downloaded while
the user is away from the teriminal (busy, asleep, etc.) These updates
are then stored on the hard disk drive of the user. According to the
beta tester:
"I...discovered that my computer had connected itself to the
Internet...I was completely freaking out. I pulled the phone plug
right out of the wall."
The article suggests that I.E. 4.0 not only initiated the connection,
but actually activated dial-up networking to make that connection.
Presumably, on 95 boxes that are networked (e.g., not dialup), this
feature would also operate. Of particular interest is this: one beta
tester reported that while he was sleeping, 4.0 downloaded
approximately 250K of info from MS. More bizzare yet is this: in
addition to the 250K download, his machine also UPLOADED 58,000 bytes
of information. The beta tester reported that he did not know what
data had been uploaded.
The full article is here:
http://www.staronline.com/tech/browser.html
I am wondering this: suppose such a box was located behind a firewall
but was allowed outside access. Does this not constitute an EXTREME
security risk? If 4.0 is capable of uploading information from a local
drive of a 95 box, it can presumably do this from badly managed shares
as well, no?
Bryan Wilkerson wrote:
> I apologize to the list for my last post. I accidently included
> all recipients in my response.
>
> This thread and my reply have nothing to do with firewalls. Sorry
> for polluting the list.
>
> -bryan
Follow-Ups:
References:
|
|
