
Re: ActiveX security hole reported.



-----BEGIN PGP SIGNED MESSAGE-----

Gary Meltzer writes:
 >
 > How does this control differ from an HTML page that tells
 > readers to turn the power switch off?

What is impressive to me is not that people will download something
designed to do something they don't want done, or that the API works
as documented. What impresses me is that despite the blatant risk
involved in the propagation of this "technology", it will probably
succeed and become popular. The person who posted that control could
have named it something like "nudie-screensaver.ocx", and not posted
any warnings on his page about it. With the propagation and growth in
popularity of ActiveX, people will get to just automatically click
"Yes" on those buttons in the popup warning boxes, because they will
see them all the time. It is obvious to me that something more than
digital signatures has to be done with this.

An HTML page that tells people to shut their power off will, for
obvious reasons, not be successful. An ActiveX control that claims to
be a screensaver with a nudie picture (or something equally as
"benign") will likely get people to run it.

		-cjw

- -- 
  PGP Key Fingerprint = 24 28 05 93 D7 C9 16 FF  55 66 FF FC D9 21 18 D1   
         Key at http://www.paladin.com/chris/pubkey.txt
  "Beware that the most effective way for someone to decrypt your
    data may be with a rubber hose."  --Tatu Ylonen


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

-----END PGP SIGNATURE-----

