Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!julius.cs.uiuc.edu!apple!agate!oreo.berkeley.edu!raymond From: raymond@oreo.berkeley.edu (Raymond Chen) Newsgroups: comp.sys.ibm.pc.misc Subject: Re: Is Prodigy safe to use? Message-ID: <1990Dec14.020225.16686@agate.berkeley.edu> Date: 14 Dec 90 02:02:25 GMT References: <80330004@hpl-opus.hpl.hp.com> Sender: usenet@agate.berkeley.edu (USENET Administrator) Followup-To: poster Organization: U.C. Berkeley Lines: 71 The topic has been discussed in comp.risks. Here are the references from Volume 9. RISKS-9.55 18 Dec 1989 PR RISKs of computer communications -- Prodigy (Mark Jackson) RISKS-9.69 15 Feb 1990 Now Prodigy Can Read You (Wechsler, Donald B) RISKS-9.74 12 Mar 1990 Re: Now Prodigy Can Read You (Eric Roskos) RISKS-9.75 15 Mar 1990 PRODIGY updating programs (Simson L. Garfinkel) RISKS-9.78 5 Apr 1990 More on Prodigy's Updating of a User's Disks (Eric Roskos, Paul Eggert) RISKS-9.79 9 Apr 1990 Re: More on Prodigy's Updating of a User's Disks (Leonard Erickson) Here are copies of the first three referenced articles. If you are still interested, you can ftp the other references from the comp.risks archives at crvax.sri.com. I have taken the liberty of editing the items for brevity. The full unexpurgicated versions are available from crvax. Note also that Volume 10 contains discussion on Prodigy's infamous censorship escapades, and its recent electronic mail brouhaha. ------------------------------------------------------------------------------- Date: Thursday, 15 Feb 1990 17:11:22 EST From: m17434@mwvm.mitre.org (Wechsler, Donald B) Subject: Now Prodigy Can Read You The Prodigy Services publication, PRODIGY STAR, recently showcased a "major benefit". Prodigy accesses remote subscribers' disks to check the Prodigy software version used, and when necessary, downloads the latest programs. This process is automatic when subscribers link to the network. I asked Prodigy how they protect against the possibility of altering subscribers' non-Prodigy programs, or reading their personal data. Prodigy's less-than-reassuring response was essentially (1) we don't look at other programs, and (2) you can boot from a floppy disk. According to Prodigy, the feature cannot be disabled. ------------------------------ Date: Fri, 09 Mar 90 09:37:19 E From: Eric Roskos Subject: Re: Now Prodigy Can Read You (RISKS-9.69) The "programs" updated by the PRODIGY software are not executable files loadable by the PC's operating system. The PRODIGY software is unable to update the DOS-executable object programs automatically, and has to send out new disks when this is necessary. Nevertheless, due the PC's lack of security mechanisms, the possibility of altering subscriber's programs or reading personal data does exist on any such system. PRODIGY representatives have repeatedly stated that the PRODIGY software will not do this. ------------------------------ Date: 12 Mar 90 20:44:07 EST (Mon) From: simsong@prose.CAMBRIDGE.MA.US (Simson L. Garfinkel) Subject: PRODIGY updating programs I must take issue with Eric Roskos saying that PRODIGY can only update information in the STAGE.DAT file. In doing my article on PRODIGY for The Christian Science Monitor, I was told by Prodigy's manager of software services that one of the really nifty tricks of PRODIGY is that nearly the entire system running on the PC --- including the .EXE files --- can be updated remotely. This eliminates the need to send out floppy disks with updates.