Re: Is _your_ Netscape under remote control
Dominique Avatravaux (dom@cwi.nl)
Fri, 24 May 1996 20:12:09 -0600
Hello,
> Anyone else seen this? Netscape 1.1 and higher can be controlled
> remotely. This can be abused in many ways as Netscape can be made to open
> URL's add bookmarks, open local files and save local files without
> informing the user.
[snip]
Yep, I already attempted to exploit this bug... First this only works on
misconfigured X displays (I know it is not rare, but...), second it is somewhat
hard to make a daemon which periodically checks if there is a Netscape running
on a given machine, and third this is not discrete : unless iconized, the
Netscape window shows what it is doing. I gave up after several *weeks* of
trial (was attempting to make him a surprise)... Sincerely, there are much
easier ways to exploit misconfigured X displays, the simplest being a Trojan
horse imitating an Xdm login prompt.
> The Windows and Mac versions also have their own remote control but I'll
> leave someone else to look at them...
[snip]
>
Er, unfortunately enough they don't listen to the network in any way : only X
has this network-transparent inter-client communications feature (or W95,
perhaps ?)
--
Dominique Quatravaux
Dominique.Quatravaux@ens.fr