[Previous] [Next] [Index]
[Thread]
Re: ActiveX security hole reported [UPDATE!]
-----BEGIN PGP SIGNED MESSAGE-----
Call me alarmist, but this rubs me the wrong way, as it should anyone
who cares the slightest about their PC's and data:
I installed the release version of MSIE3.0 on my PC. I went to visit
that page with the exploder demo
(http://www.halcyon.com/mclain/ActiveX/) to see how it affected the
release version. I clicked on the link to the Exploder, and it popped
up a little dialog box that was titled "Potential security violation
avoided" and said:
"This page contains active content that is not verifiably safe to
display. To protect your computer, this content will not be
displayed.
Choose Help to find how you can change your safety settings so you
can view potentially unsafe content."
There are 2 buttons: "OK" and "Help". I clicked "OK", assuming that
MSIE was doing me a favor and prohibiting the ActiveX from being
executed.
The control went ahead and executed and my machine shut down.
In other words, with the default installation of MSIE3.0, I was *NOT*
offered an opportunity to cancel the potentially dangerous operation.
And Microsoft is touting ActiveX as something good, and are promoting
it heavily. I see benefits and advantages of ActiveX, but the
implementation in MSIE3.0 leaves much to be desired.
-cjw
- --
PGP Key Fingerprint = 24 28 05 93 D7 C9 16 FF 55 66 FF FC D9 21 18 D1
Key at http://www.paladin.com/chris/pubkey.txt
"Beware that the most effective way for someone to decrypt your
data may be with a rubber hose." --Tatu Ylonen
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBMhSI7FBcQF9K4jiRAQFnsgQAjQXl/UzKkY0EpINltFhJK6dJbiJRPe99
1RcW2ggmq/i2wzwpNZuRLvJsOWsYwO+gxI+FZZm0C/2vlF7OXgOyRv2dSM94ZpYz
+XZsegAlwfZkvchkKeDlvvCH+D+mN5dsCqGKT8lsJ96D7kSBiEXLFSiRr8tju1RA
TOjWBcDdKbw=
=OL/T
-----END PGP SIGNATURE-----
References: