-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Active content is evil. Period.
Along those same lines is this: "NIST Issues New Computer Security Guidelines for Active Content" http://www.gcn.com/online/vol1_no1/44972-1.html My favorite quote: "Incorporating active content such as Java applets, JavaScript and other scripts, and macros can add to the functionality of documents, e-mails, Web pages and files in a wide variety of formats, but NIST calls their security vulnerabilities 'insidious'." Insidious indeed. - - ferg - -- Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: And probably not the last vendor - reported by this US-CERT team member: http://secunia.com/search/?search=Will+Dormann+activex&sort_by=date - - Juha-Matti [EMAIL PROTECTED] wrote: > >Seesh. Another big software vendor places a backdoor on their >customers computers that the bad guys can use also. > > >Richard > > >http://www.kb.cert.org/vuls/id/979638 > > >Intuit QuickBooks Online Edition is a version of QuickBooks that is >implemented as an ActiveX control. This ActiveX control contains several >dangerous methods, such as httpGETToFile() and httpPOSTFromFile(). These >methods can be used to download or upload files in arbitrary locations. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFG4N3Hq1pz9mNUZTMRAq0RAJ9EEjEvQsT5sGs0oHjnchlZSePwKgCeIwKi QjcTdANzkWJV+99GdyzqzmY= =fEk0 -----END PGP SIGNATURE----- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
