Re: Webpage dialed my modem to ?
From: Cubit (no_at_no.not)
Date: 10/30/03
- Next message: Moe Szyslak: "Re: Login Script - Installing HotFix/Patches"
- Previous message: Chuck: "Re: How do I stop SPAM from Microsoft?"
- In reply to: Alun Jones [MS MVP]: "Re: Webpage dialed my modem to ?"
- Next in thread: melvin: "Re: Webpage dialed my modem to ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Oct 2003 22:04:32 GMT
[snip]
> What are you claiming was the vulnerability here?
[snip]
> Alun.
I found your post to be curiously unsympathetic.
I had assumed that for a webpage to download an exe file, there would be a
chance to approve or refuse such a thing. I now believe that the aciveX
scripting can be written so that the download of the exe file is hidden from
the user. To me, this is a security flaw, even if it is dressed up as a
feature.
On your suggestion that I unknowly approved the dialer, there is a slim
chance you are correct. The website was in German and my 3 years of German
in High School is less than a working knowledge of the language. My
websearch had been in English. Using a foreign language disclaimer in a US
based site might be a sneaky way to steal with unintended 900/976 type
calls.
My options were set to never dial out without prompting me. Something in
the downloaded code overode that. Doing this is the smoking gun to a
criminal intent.
I am not planning to contact law enforcement. I don't have all my ducks
lined up. Never-the-less I am a victim.
- Next message: Moe Szyslak: "Re: Login Script - Installing HotFix/Patches"
- Previous message: Chuck: "Re: How do I stop SPAM from Microsoft?"
- In reply to: Alun Jones [MS MVP]: "Re: Webpage dialed my modem to ?"
- Next in thread: melvin: "Re: Webpage dialed my modem to ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
