
Re: ActiveX security hole reported.




On Tue, 13 Aug 1996, Joe Shamblin wrote:

> On Mon, 12 Aug 1996 davidg@ctt.bellcore.com wrote:
> 
> > On the other hand, when I did this a second time, I did not get the
> > first dialog box (the one about lacking signature). I did get two boxes
> > very similar to the one about safe execute.
> 
> Remember the caveat on his page, or at least what should be taken as a 
> caveat:
> 
>      Exploder, Fred's non-violent demonstration of Active X. 
> 		      ^^^^^^^^^^^
> This is a mere example of the problems associated with the program. It 
> appears to have MUCH more power at the OS level than it should. 
> 

Yeah... that ocx could easily wipe a drive or send the contents of a drive
over the net to an arbitrary location... no restrictions...

IMO, loading arbitrary native code over the net and popping up a couple
of warning dialogs is absolutely pathetic security, especially considering
the number of annoying dialogs presented by most windoze applications.
Users are highly likely to just click Ok.

M$ has outdone itself with this intolerable lack of thought. I'll try
and refrain from the long-winded rant this deserves.

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeremey Barrett
Senior Software Engineer			jeremey@forequest.com 
The ForeQuest Company       			http://www.forequest.com/

   "less is more."
		-- Mies van der Rohe.

   Ken Thompson has an automobile which he helped design.  Unlike most
   automobiles, it has neither speedometer, nor gas gage, nor any of the
   numerous idiot lights which plague the modern driver.  Rather, if the
   driver makes any mistake, a giant "?" lights up in the center of the
   dashboard.  "The experienced driver", he says, "will usually know
   what's wrong."

		-- 'fortune` output


