From: Mark Aldrich <maldrich@grctechs.va.grci.com>
Date: Fri, 22 Mar 1996 00:10:50 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: POINTCAST - Could it be a Trojan Horse?
In-Reply-To: <199603210305.TAA26171@ix6.ix.netcom.com>
Message-ID: <Pine.SCO.3.91.960321082903.16781D-100000@grctechs.va.grci.com>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 20 Mar 1996, Bill Stewart wrote:

<snip>

> >     There is a new web site http://www.pointcast.com which provides a
> >     program file pcninstl.exe. You download pcninstl.exe and run the
> >     program on your PC from Windows 95 or Windows 3.1
> >
> >     PCN is a program that interfaces to the Internet using port 80 and
> >     provides you customizable up-to-the minute downloads of news
> >     headlines, stocks, customizable sports, customizable weather,
> >     customizable financial, Internet access (HTTP only with this release)
> >     and personal (horoscopes and lotteries).

IBM is also running such a service.  It's called InfoMarket and it does 
the same thing.  You load the trojan, uh.., I mean "client," onto your 
box, and then it listens to the channels for you and puts up on the 
screen the tasty bits that you want.  Of course, on a DOS box, it can 
also put all sorts of other stuff onto your computer.

And, of course, after the "trial period" you'll be charged to dine at 
their info-trough.

( InfoMarket bullshit is at http://www.infomkt.ibm.com/ )

> >     Well, Maybe it is too good to be true.  This program becomes a proxy
> >     operator for you. Downloading, through your firewall, whatever it
> >     decides should be downloaded, data, new executables, etc.  What is to
> >     prevent a hacker (or cracker if you like that term better) from
> >     offering a similar product which captures you PC keystrokes and scans
> >     your hard drive and uploads information, accesses your LAN or PC
> >     functions, or destroys PC files and data.

Thanks for the suggestions.  We'll add them to the list....

------------------------------------------------------------------------- 
|      Liberty is truly dead              |Mark Aldrich                 | 
|    when the slaves are willing          |GRCI INFOSEC Engineering     | 
|     to forge their own chains.          |maldrich@grci.com            | 
|        STOP THE CDA NOW!                |MAldrich@dockmaster.ncsc.mil | 
|_______________________________________________________________________| 
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     | 
|         and my employer gets no credit for them whatsoever.           | 
-------------------------------------------------------------------------