Nicolas Roumiantzeff wrote:
>
> Stephen,
>
> >Well I'm one person who distrusts ActiveX and with good reason.
> >I know of some ActiveX controls signed by Microsoft that open up
> >security holes: one allows you to run arbitrary code.
>
> You don't need to install ActiveX to get security holes, there is plenty
> enough in IE itself ;-)

Yes, I know, but ActiveX is a particularly good way of generating an
endless stream of security holes, particularly on the "anyone can do
anything" (Win95, 98 etc) OSes.

>
> Is the ActiveX you mentioned marked as safe for scripting?
>
Erm, yes it is; in fact its only use is for scripting. I told MS about it
and they appear to have silently upgraded it with newer stuff without
any other mention AFAIK.

I think I'd better send some info to the various security lists before
giving any more info. MS have been given more than fair warning.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]