The Risks of Downloaded Code
Fred McLain’s Internet Exploder showed that an ActiveX control can turn off your computer. But, as we’ve said, it could have done far worse damage. Indeed, it is hard to overstate the attacks that could be written and the subsequent risks of executing code downloaded from the Internet.
Programs That Can Spend Your Money
Increasingly, programs running computers can spend the money of their owners. What happens when money is spent by a program without the owner’s permission? Who is liable for the funds spent? How can owners prevent these attacks?
To answer these questions, it’s necessary to first understand how the money is being spent.
Telephone billing records
One of the first recorded cases of a computer program that could spend money on behalf of somebody else was the pornography viewer distributed by the Sexy Girls web site (described at the beginning of this chapter).
In this case, what made it possible for the money to be spent was the international long distance system, which already has provisions for billing individuals for long distance telephone calls placed on telephone lines. Because a program running on the computer could place a telephone call of its choosing, and because there is a system for charging people for these calls, the program could spend money.
Although the Sexy Girls pornography viewer spent money by placing international telephone calls, it could just as easily have dialed telephone numbers in the 976 exchange or 900 area code, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access