Slashdot Mirror
AOL Hacks Subscribers' Computers
ctwxman writes "If you're running a recent vintage version of Windows, and connecting to the Internet with an IP address reachable from the outside world, you've probably seen them. They're rectangular boxes that pop-up out of the blue with advertising. These aren't pop-up (or pop-under) browser ads but actually a weird misuse of Windows Messenger Service, a mostly useless tool which Microsoft has left on by default! Though similarly named, this isn't at all related to Microsoft's IM product. You can't block these pop-ups by shutting down ports, because Windows Messenger Service shares some ports with other useful services. The best way to stop the pop-ups requires the user to readjust some internal Windows settings. As you might imagine, many users are reticent to do that. Now, AOL has come up with another solution. They're going into subscribers' machines, without asking and making the adjustments themselves! Though the short term result will probably be good, there are all sorts of implications when your ISP just reaches out and decides how your PC should be configured without your knowledge." The Computer Fraud and Abuse Act makes this clearly illegal; if this were a 17-year-old instead of AOL, the FBI would be investigating.
I for one hope that AOL starts distributing the Microsoft patches on their CDs and via their service as well as part of their AOL software updates to encourage people to get the most recent software patches. (fp?)
That says a lot.
The computer fraud and abuse act covers unauthorized access, and while the changes may not be explicitly authorized, I'm willing to wager that there is some clause in the agreement between the users and AOL that allows for this kind of thing.
Unethical, yes.
Legal? Possibly. I haven't used AOL in about six years, and even then, I don't think that I looked at the EULA (if there even was/is one)
01101001 01100001 01101101 01101110 01101111 01110100 01100001 01101100 01100001 01110111 01111001 01100101 01110010
Yep. Because the reason for this is that this is what the next big worm will be. There is a remote exec hole in the messenger service.
So for once I think AOL deserves an applause.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
You're not talking about your "Average" ISP. AOL software uses a VPN client to connect you into the private aol-exclusive content. If this was done by earthlink or some other provider that just provides you ppp and unfiltered bits to the world, then yes, it's a bit more fuzzy, but you need to have the AOL software, and this could be covered by their EULA. People may not like it, but if you don't, use a different provider or OS that doesn't have these issues. I for one defend AOL for taking a good security stance in disabling a service 99.9% of the people likely don't know is running on their system, and for which they could be compromised via.
I can almost gurantee that about 95% of all AOL users will be thrilled. I'm a supervisor for a broadband services department and we often get customer's who switch from AOL only to find that spam/pop-ups/porn/etc on the unfiltered internet is so anonying that they want to go back to AOL immediately. Those people love to have their hand held through everything and want AOL to protect them from the internet. Almost anyone that actually uses net send probably isn't on AOL, they have a true ISP.
AOL is not hacking anything. It's an update to their software that does this, not some 1337 a0l h4x0r tech blowing past the firewall.
Jesus, even for slashdot this is too much FUD.
Granted, AOL should at least prompt the damn user. Turning off a service without asking is unacceptable.
DISABLE MESSENGER SERVICE? MESSENGER SERVICE
CAN BE USED TO DELIVER UNWANTED POP UP ADS.
[*YES*] [NO]
Oh wait, my bad. This is a multi-billion dollar corporation. Why should they give a shit what their customers want?
Only on