ICQ Rumor Database - #021

I have found a disturbing page on the web..if someone named SandMan asks you to check out his page DO NOT! It is at www.geocities.com/vienna/6318 This page hacks into your C:/ drive. DO NOT GO THERE...FORWARD THIS TO EVERYONE...HE WILL REQUEST A CHAT WITH YOU.... REMOVE THE NAMES FROM THE TOP OF THIS MESSAGE SO THE WHOLE MESSAGE GETS OUT TO EVERY

Of course the first thing I did was go to that page. A few MIDIs, some links and not much else. One thing is certain, my "C:/ drive" is just fine. The only thing getting hacked here is the crediblity of the people who forward messages like this.

I should point out that occasionally a security flaw is found in various browsers. While "evil hacker web pages" are more myth than fact, almost anything is possible where browser or e-mail client bugs are concerned. I strongly advise you to use up-to-date versions of your browser, e-mail reader and ICQ. The following sites link to many of the currently available patches: Windows Internet Patches and WinFiles.Com. Users of Eudrora Pro should check here for security updates: http://eudora.qualcomm.com/security.html.

Having pointed out that, while rare, a web site could exploit a bug in a browser, I would also like to demonstrate how some people are tricked into believing that a web site is accessing their hard drive. One of the oldest tricks is using a form request to display the contents of a hard drive. When you click on one of the buttons below you will see a listing of your C: drive. Note: only YOU are seeing it, no information is actually being passed over the net to me or anyone else. But with a few "enhancements" it can be made to appear that all the files on your hard drive are being erased. Go ahead and try it (if you dare *g*) and then hit the "back" button.
Looked convincing, didn't it? It is tricks like this that have fooled many people into believing that their hard drive was being "looked at" by a web site. But except in the case of a browser bug, the contents of your hard drive are protected from rouge Java applets and malicious HTML code.

UPDATE (10/22/98): It is getting increasingly difficult to make any pronouncements regarding security. Lately for every rule there seems to be a security bug, either in a browser or an e-mail client. In this case I just tried a CGI script that can in fact read the file names in any of your hard drive directories. Another script is capable of reading your cookies. Neither script can directly write or delete any files, but until Netscape and Microsoft get around to patching the holes, be aware that this problem does exist.



This rumor appears on the ICQ Lies Collection Page 3.

Click the BACK button to return to the search results
or CLICK HERE to return to the main page.


ICQ Lies Copyright ©1997-2000 Thomas Robert Pasawicz aka DiamondBack
All Rights Reserved
http://diamond-back.com