From: David Garnier (david.garnieririsa.fr)
Date: Mon Jun 03 2002 - 02:29:59 CDT

    The security model of Active-X controls goes like that:
    "If you allow a digitally signed Active-X control to run, it can do
    whatever it wants to do. It is safe because you trust the signer of the
    control."

    So ok, you demonstrated that Microsoft's view of mobile code security is
    flawed, especially compared to the sandbox model of Java.

    Best regards,
    David Garnier

    "webmasterTHEMCLONES.COM" wrote:
    >
    > An Active-X control (created by me) at http://www.securityhole.cjb.net can
    > analyze each line in your autoexec.bat file for you.
    >
    > A security warning appears which you should accept for the control to load.
    > Also be patient as it takes time (depending on the speed of your connection)
    > to load.
    >
    > Disclaimer:
    >
    > The control ONLY reads your autoexec.bat file (on your command) and explains
    > each line to you (again on your command). No information of you or your file
    > is retained.... though I am tracking the hits I am receiving on the page.
    >
    > Known Problems:
    >
    > ==> Running the control on Windows 95 /98 First Edition, sometimes asks for
    > a reboot.
    >
    > ==> The control might not run if you are behind a proxy. In that case you
    > need to contact your administrator.
    >
    > ==> Also in your Internet Explorer setting under the category ActiveX
    > controls and plug-ins check the following...
    >
    > Download Signed ActiveX Controls : Enable
    > Download Unsigned ActiveX Controls : Disable
    > Initialize and script ActiveX controls not marked as safe : Disable
    > Run ActiveX controls and plugins : Enable
    > Script ActiveX controls marked as safe for scripting : Enable
    >
    > If you have any of the settings above which should say "Enable" but say
    > "Prompt", then the control just does not run (no prompts... seems like a bug
    > in IE).
    >
    > Comments and suggestions can be sent to webmasterthemclones.com
    >
    > Best Regards,
    > Spider
    >
    > "Peace was the way."
    > ... Kirk, 'The City on the Edge of Forever,' stardate unknown..

    -- 
    IRISA-INRIA, Campus de Beaulieu, 35042 Rennes cedex, France
    Tél: +33 (0) 2 99 84 71 00, Fax: +33 (0) 2 99 84 71 71