Re: ActiveX security hole reported.

• To: Jeremey Barrett <jeremey@forequest.com>
• Subject: Re: ActiveX security hole reported.
• From: Sean Robert Wilkins <srw134@email.psu.edu>
• Date: Fri, 16 Aug 1996 05:03:57 -0400
• Cc: www-security@ns2.rutgers.edu

>Brilliant. You must think that the average user is highly aware of the
>security of his or her machine and actively takes steps to insure said
>security. AND your statements assume that there exist trusted parties
>to sign things, and that they don't charge an arm and a leg to do so.
>
>I expect that totally unsigned controls will comprise the vast majority
>of those encountered, and I expect that many if not most users will ignore
>the warnings IE gives out, especially given the tendency of most
>windoze applications to spew dialog boxes about everything, most of 
>which just require clicking 'Ok'.
>
>If the facilities exist for control authors to sign their own code,
>then I would expect that to be pretty popular, which would only
>prevent spoofing, and not prevent or even warn of a malicious control.
>
>Alan Olsen's statement
>
>> >The ActiveX security model is not a security model.  It is an act of
>> >religious faith.
>
>is dead on.

Now i should start and say i am surely not saying there are no security
problems here, BUT actually a person who is running around the web with
software of this type should know at least the basic security around the
dialogs. Now not that everyone knows everything, but a basic level should be
known, this is why MS's messages are so descriptive to Netscapes, to
compare. And actually there are some places to get your code signed for a
reasonable rate, about the same rate as it is to have say ASP verify a
shareware program. These companys are in the Internet position of a notary. 

        Actually i had a question of you are you a big fan of Java? or its
scripting. MS based or SUN?? There is always going to be a back door
somewhere.. or an invisible security problem..

        Another thing about this the angry or sarcastic tone of this message
is not appriciated or neccasary so please don't use it, This is a news group
for debating maybe but none of that stuff...

Sean Robert Wilkins
Student , Staff, and the intelligent tech guy.
(SRW134@PSU.EDU)
Msg me for Public Key
Key fingerprint =  65 8B 83 06 63 AB B3 CA  55 59 81 1C 27 B3 B1 4C 
LTR
---LTR---

• Re: ActiveX security hole reported.
• From: Jeremey Barrett <jeremey@forequest.com>
• Re: ActiveX security hole reported.
• From: Mary Ellen Zurko <zurko@osf.org>

• Previous: Re: How to get OFF this list
• Next: Re: How to get OFF this list
• Index(es):
  • Index
  • Thread