Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Active X exploit.David Holland (dhollandEECS.HARVARD.EDU)
Wed, 27 Aug 1997 09:10:20 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Alan Cox: "Re: Active X exploit."
- Previous message: Casper Dik: "Re: Active X exploit."
- In reply to: Paul Leach: "Re: Active X exploit."
- Next in thread: Alan Cox: "Re: Active X exploit."
> What ActiveX doesn't have is a sandbox. That's different than saying > that there's no security. > > ActiveX controls are _signed_ DLLs. You run the code if you trust the > signer. If you do, you know that no one has tampered with the code since > the signer signed it. Anyone who has followed this list for more than a month should realize that code written with the best of intentions, and not tampered with, is still routinely full of security holes. On the other hand, I can send you an unsigned piece of code that does exactly what it says it does and contains no security holes whatsoever. Authentication of code is an entirely different problem from security of code. > That's more secure than what I buy at the store. Not really. -- - David A. Holland | VINO project home page: dhollandeecs.harvard.edu | http://www.eecs.harvard.edu/vino