Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!wuarchive!uunet!stanford.edu!agate!ucbvax!ucbvax.berkeley.edu!nj From: nj@magnolia.Berkeley.EDU (Narciso Jaramillo) Newsgroups: comp.sys.amiga.misc Subject: Re: Anyone using prodigy with an AMIGA? Message-ID: Date: 6 May 91 19:29:04 GMT References: <+W6B79@irie.ais.org> <1991May2.151223.19343@cbnewse.att.com> <1991May02.160135.20734@convex.com> <1991May5.205134.665@bilver.uucp> Sender: nobody@ucbvax.BERKELEY.EDU Distribution: na Organization: Postcarcinogenic Bliss, Inc. Lines: 24 In-reply-to: alex@bilver.uucp's message of 5 May 91 20:51:34 GMT In article <1991May5.205134.665@bilver.uucp> alex@bilver.uucp (Alex Matulich) writes: [about Prodigy's STAGE.DAT file] COME ON PEOPLE! You are making a fuss about what is probably nothing at all. Doesn't anybody realize that under MSDOS, when a program allocates file space for itself on the hard disk, that space may contain fragments of files that used to occupy that space? When you allocate file space, the space is NOT cleared. The real problem is not whether Prodigy intentionally included code in the client program to grab files off your hard disk. Whether or not it's intentional, it's still a security risk; through the STAGE.DAT file, your data is now accessible to any programmer who works at Prodigy, including J. Random Hired Hacker who feels like inserting commands into the server software to grab your data just for laughs. Granted, if Prodigy really wanted to steal your data it could do it directly from the client program you run to connect to the system. But even clumsy security risks are still risks; your home is just as unsafe if you leave the door unlocked as if someone breaks in. nj