RE: ActiveX - Arrogance rules (fwd)

• To: "'www-security'" <www-security@ns2.rutgers.edu>
• Subject: RE: ActiveX - Arrogance rules (fwd)
• From: "John Lehmann (SSASyd)" <LEHMANNJ@saatchi.com.au>
• Date: Tue, 20 Aug 96 09:34:00 S

> [Evil marketing droid attempts to collect personal data via ActiveX
>  component.  Said cretin has big enough company name that trust is
>  probably automatic.]
>
> ActiveX does not have a good security model because the above is   
possible.
> You may say that the above will not happen because of ethical concerns   
in
> that company.  (I have worked for companies that would do things far   
less
> ethical if given half the chance.  (They are in court now for some of
> them.))  Given that few (if any) people actually disassemble the apps   
that
> run on their machine, the chances of getting caught are slim to none.

Only one person has to recognize that the ActiveX control is performing
nefarious background activities to blow the whistle -- and that is one
gigantic whistle.  I do not have to provide an appeal to ethics to show
that this simply will not happen with large companies.  Self interest is
enough.  Do you have any idea what kind of publicity machine would come
down on a company that did this?


Oh, please!  Don't you remember that to log onto the microsoft network   
you had to upload your entire directory structure?  Huge corporations do   
these things.

Is there an easy way in which you can check whether or not an ActiveX   
control is doing this sort of thing?  A way that is sensible to implement   
in an age of disposable programming?

 --
John 'lotsa rhetoric' Lehmann

• Previous: FrontPage server ext., summary of holes?
• Next: Re: Has Rutgers orphaned the www-security mailing list?
• Index(es):
  • Index
  • Thread