
Re: ActiveX security hole reported.

On Thu, 15 Aug 1996, Sean Robert Wilkins wrote:

> Actually, to answer your question at the beginning. IE does come up with a
> dialog if the certain ActiveX control was signed and not verified through
> you. And if it was signed, you can check the signature before you run it. So
> personally I think it is not all that great that this can happen, BUT it
> opens the doors to what a real ActiveX author can do. To have somebody go
> out and cry because they were stupid enough not to check the signature is
> sort of dumb, is it not??

This is NOT acceptable security for those of us responsible for the
integrity and security of a company network.  One user who wants that
nudi-screensaver A/X control which hasn't been signed yet but sounds
harmless enough to let it run, can compromise my entire network, my
company's private information could be released.  Humans train very
easily, if A/X becomes popular and you come across A/X controls that have
not gone thru the proper signing channels but end up running them anyways,
you'll get used to clicking that OK dialog and it becomes just like the
hundreds of other Win95 dialog boxes, you instinctively click OK.

Do you think the average user reads what the dialog says?  NO they do not
if they appear often.

> Think about it people is there not a level of stupidity that reigns here??

That's just the problem, stupidity of the users becomes problematic because
of the stupidity of a company who designs this product.

as if it were a Chagall painting,		nesta stubbs
but with cyberpunks, or Edgar			pumpkin
Allan Poe's reverberant word, 			cosmo@ebs.net
and the word is cyberpunk. -jlwitwer		nesta@cynico.com
