Jim Littlefield says -- > >Something to remember is that AOL provides a program for users to use when >dialing in. A bad security hole would exist if this program supports any >"magic" headers, etc. > >Just my $0.02. > >-- Has anyone reverse engineered the program(s - DOS/WIN/MAC versions) to develop an "Undocumented AOL"? Should be able to identify any magic doors provided. One other possible exposure - with AOL it is possible to set an option to "expand on exit" which calls their EXPAND program to expand compressed transfers. This program could make the mistake of also executing a file transferred (I don't think it does) before you have a chance to apply your favorite virus scanner to it. Isn't life in the fast lane fun! ---------------------------------------------------------------------- Internet: mshines@ia.purdue.edu | Michael S. Hines Bitnet: michaelh@purccvm | Sr. Information Systems Auditor Purdue WIZARD Mail: MSHINES | Purdue University GTE Net Voice: (317) 494-5845 | 1065 Freehafer Hall GTE Net FAX: (317) 496-1814 | West Lafayette, IN 47907-1065 CompuServe: 73240,1631 |