mailing list archives
RE: Gator installer Plugin allows any software to be installed
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 22 Feb 2002 11:01:44 -0500
Good catch! It turns out that I asked Gator 2 years ago about potential
security problems in the Gator download system. See the attached
message. According to my archives, I never got a reply.
Richard M. Smith
From: Richard M. Smith
Sent: Monday, January 17, 2000 5:17 PM
To: mark () gator com; tony () gator com; mpennell () YAHOO COM
Cc: Richard M. Smith
Subject: A few technical questions about the Gator plugin for IE
Hi Tony Martin and Mark Pennell,
I have a few technical questions about the Gator plugin for
1. Are there any security mechanisms built into the Gator
ActiveX control to prevent a hacker from using the control
on their own Web page to download and execute malicous
code? It appears to me from Gator installation page that
the location of the Setup Bundle file is settable using the
"server" and "rootdir" parameters.
2. What file format does a Setup Bundle file use?
3. How come ever transmission from my computer to
the eguard.com server includes a GUID serial number?
GET /Cmd/Client_GetSite;wired.com HTTP/1.0
I assume that this number is unique id number which
identifies me. It seems to contain my Ethernet
adapter address (002078900337).
4. Is this GUID serial number associated with my registration