Re: Is _your_ Netscape under remote control

[dom () cwi nl (Dominique Avatravaux)]

  Hello,
> Anyone else seen this? Netscape 1.1 and higher can be controlled
> remotely. This can be abused in many ways as Netscape can be made to open
> URL's add bookmarks, open local files and save local files without
> informing the user.
[snip]

  Yep, I already attempted to exploit this bug... First this only works on
misconfigured X displays (I know it is not rare, but...), second it is somewhat
hard to make a daemon which periodically checks if there is a Netscape running
on a given machine, and third this is not discrete : unless iconized, the
Netscape window shows what it is doing. I gave up after several *weeks* of
trial (was attempting to make him a surprise)... Sincerely, there are much
easier ways to exploit misconfigured X displays, the simplest being a Trojan
horse imitating an Xdm login prompt.

> The Windows and Mac versions also have their own remote control but I'll
> leave someone else to look at them...
[snip]
>
  Er, unfortunately enough they don't listen to the network in any way : only X
has this network-transparent inter-client communications feature (or W95,
perhaps ?)

--
                                                        Dominique Quatravaux
                                                Dominique.Quatravaux () ens fr