Re: ActiveX security hole reported.



-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 15 Aug 1996, Sean Robert Wilkins wrote:

> >The question I have is "If this had been signed by an "authoritative source"
> >(such as Microsoft), would these dialogs pop up in the first place?
> >
> >An example would be if I worked for company X, wrote an app that read off
> >all the names on your PGP keyring and had it signed by the appropriate app
> >signing service, would there be any warning for the "victim"?"  Probably not.
> >
> >The problem with the ActiveX security model is it assumes that you can trust
> >the company who is doing the signing to be operating in your best interest
> >and be vigilant for dangerous and bad apps.  I do consider pleas to
> >authority to be a good security model.  There are far too many people with
> >far too many motivations to have this model add to my level of security.
> >
> >At least Java tries to prevent these apps from being able to be written in
> >the first place.  Active X says trust an app signed by Microsoft and
> >anything they want goes.  (I trust Microsoft about as far as I can throw a
> >General Protection Fault.) 
> >
> >The ActiveX security model is not a security model.  It is an act of
> >religious faith.
> 
> Actually, to answer your question at the beginning. IE does come up with a
> dialog if the certain ActiveX control was signed and not verified through
> you. And if it was signed, you can check the signature before you run it. So
> personally I think it is not all that great that this can happen, BUT it
> opens the doors to what a real ActiveX author can do. To have somebody go
> out and cry because they were stupid enough not to check the signature is
> sort of dumb, is it not??
> 
> Think about it people is there not a level of stupidity that reigns here??

Brilliant. You must think that the average user is highly aware of the
security of his or her machine and actively takes steps to ensure said
security. AND your statements assume that there exist trusted parties
to sign things, and that they don't charge an arm and a leg to do so.

I expect that totally unsigned controls will comprise the vast majority
of those encountered, and I expect that many if not most users will ignore
the warnings IE gives out, especially given the tendency of most
windoze applications to spew dialog boxes about everything, most of 
which just require clicking 'Ok'.

If the facilities exist for control authors to sign their own code,
then I would expect that to be pretty popular, which would only
prevent spoofing, and not prevent or even warn of a malicious control.

Alan Olsen's statement

> >The ActiveX security model is not a security model.  It is an act of
> >religious faith.

is dead on.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jeremey Barrett
Senior Software Engineer                        jeremey@forequest.com
The ForeQuest Company                           http://www.forequest.com/

PGP Key fingerprint =  3B 42 1E D4 4B 17 0D 80  DC 59 6F 59 04 C3 83 64
PGP Public Key: http://www.forequest.com/people/jeremey/pgpkey.htm
                
		"less is more."  -- Mies van der Rohe.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhQMri/fy+vkqMxNAQEEUAQAxpoKHAvpBaTT5ZbITDILXdOhiNxiEJ0h
Gaht8d75ToeGW4j3JVZwVJTk4ez7lHxEKiEr5+WXDo3U459bgJHrRcn2TtHoyZcP
rseibTLE2Q+7iD6p32syIArcesyoeoYuVBf52LfcvKKT5T+dHLdC0FjeOe7uCw2q
I+8yJSJqpJs=
=fkh0
-----END PGP SIGNATURE-----

