Re: Active X exploit.

alanLXORGUK.UKUU.ORG.UK

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Christopher Craig: "Re: More ssh fun (sshd this time)"
• Previous message: David Holland: "Re: Active X exploit."
• In reply to: Paul Leach: "Re: Active X exploit."
• Next in thread: Lutz Donnerhacke: "Re: Active X exploit."

> What ActiveX doesn't have is a sandbox. That's different than saying
> that there's no security.
>
> ActiveX controls are _signed_ DLLs. You run the code if you trust the
> signer. If you do, you know that no one has tampered with the code since
> the signer signed it.
>
> That's more secure than what I buy at the store.

When sir, was the last time you walked into a store and every time you
looked at a package it automatically installed itself and ran ?

Signing things is good practice, and its one I'm pleased to see many
OS and product vendors adopting. Automatically running things that are
signed is a different matter.

Alan

• Next message: Christopher Craig: "Re: More ssh fun (sshd this time)"
• Previous message: David Holland: "Re: Active X exploit."
• In reply to: Paul Leach: "Re: Active X exploit."
• Next in thread: Lutz Donnerhacke: "Re: Active X exploit."