Robert Moskowitz rites:
>I strongly doubt if someone can gain access to our network while an employee
>is dialed into Prodigy :)
"Blem wit" this is "how do you ensure that the employees only dial *P* ?"
- a modem pool with a limited number of allowed connections ? Why pay
by the hour ?
>And exactly what has been the real exposure of Web Browsers (not just
>theoretical non-paranoid Ghostwriter viewing of Postscript docs with nasty
>imbedded commands).
HTTP also contains the capability for embedded commands and execution. Look
at the recent CERT advisory on the web language for more detail.
Warmly,
Padgett
ps of course if a gift-wrapped #2-3 Facel-Vega HK-500 (Chrysler drivetrain)
should happen to appear at my door, I would be happy to take some vacation
and design a proper perimeter defense 8*).