Quoting Mikey ([EMAIL PROTECTED]): > Does anyone have any thoughts on ActiveX Control? I've been a bit > wary, but eBay Enhanced Picture Services uses it, and the service > looks useful to me.
You're intended to trust that ActiveX controls are safe if/when they're crytographically signed with (what you hope is) an unrevoked, valid sender key -- a system called "Authenticode". When the author of Authenticode (Microsoft Corp.'s Bob Atkinson) wrote to the comp.risks forum to, basically, advise regulars to not worry their pretty little heads over ActiveX security, he got politely but efficiently shellacked. Expertly -- by my fellow system administrators and network security specialists. One of them, at the end of that bloodbath, summarised nicely (http://catless.ncl.ac.uk/Risks/18.89.html#subj11): The recent messages on ActiveX/Authenticode security have prompted me to submit the following simple description of Authenticode security and why it doesn't work. It's very non-technical, and doesn't require any knowledge of digital signatures or anything similar. It's been tested on the local ActiveX glee club, and seems to work: Imagine a large, security-conscious office building. At the main entrance is a security desk where anyone entering the building is required to present some form of ID like a drivers license, and sign in. If you don't have your ID, the security guards have the option of turning you away. Once you've signed in for the first time, you're allowed free run of the building. You can take anything you want into and out of the building and roam the building at will. As long as you flash your driver's license at the security guard, no one ever checks anything else. One day, a huge explosion rocks the building, destroying most of it and killing a great many people. There is no evidence left after the explosion that can be used to find out exactly what happened. Scenario 1 (less likely): The security guards have logs of everyone who entered, a total of nearly 3000 people in the last few months. (Remember that there is *no* other evidence.) How are these logs going to help pinpoint who caused the explosion? Scenario 2 (more likely): The logs were destroyed during the explosion, along with everything else. How do you find out who caused the explosion? I think the parallels with ActiveX and Authenticode are obvious. -- Cheers, Rick Moen Support your local medical examiner: Die strangely. [EMAIL PROTECTED]
