> Date: Fri, 14 Feb 97 17:45:04 EST
> From: Jamie_T_Brooks @
> Subject: Pointcast - why block????
> I am new to this listing and would like to know what is the security
> risk of having Pointcast running at the desktop?
> Bandwidth waste or a real security risk?
Pointcast allows software updates to be downloaded, installed, and
executed on the client without user intervention. The Pointcast
Network has not put their download protocol up for independent
review and from looking at it, I don't see any real authentication
of the source of these updates.
The upshot is that in the best case, Pointcast can download and run
on your clients any software they desire. You may choose to trust
them or not. The worst case is that via a MITM (man in the middle),
spoofing, or other attack, ANYONE may download and run any software
they desire on your clients.
I'd call that a security risk of a high order!
John Hall Senior Network Admin, Postmaster
com Siemens Medical Systems, Inc.
InterNIC: JH411 Ultrasound Group