Security Lapse Redux
jpapier
jpapier at infolink.org
Mon Nov 2 14:50:09 EST 1998
OK, I'm on a roll...our Internet PCs sport: Ikiosk, password-protected
CMOS access, read-only prefs.js files, C: only boot-up sequence,
anti-virus software, "no autorun" when a CD is inserted, and now
"taskman = " in sys.ini under the [boot] section.

But...and I am resolutely uninterested in starting a flame war over the
merits of allowing it or not...we do offer access to web-based email.
On a whim, I accessed my Hotmail account, and composed a letter
w/attachment. In the path-box for the attachment, I simply typed in
"C:\COMMAND.COM" and sent it to myself. Behold, upon receipt of same
letter, I opened attachment and entered the wondrous world of DOS.

I think about security a fair amount because I have to. This glitch
just occurred to me...so far it hasn't occurred to any of our
13-year-olds, but give 'em time. Anyone have similar glitches they've
discovered and would like to share? Any great security insights?

Ain't Life Grand,
JP
--
Jeff Papier
Network / Internet Librarian
South Brunswick Public Library
Monmouth Junction, NJ
More information about the Web4lib mailing list