Microsoft admits IE vulnerability

Discussion in 'Computer Support' started by Au79, Oct 14, 2007.

  1. Au79

    Au79 Guest

    Au79, Oct 14, 2007
    #1

  2. Au79

    chuckcar Guest

    Au79 <> wrote in news:O%gQi.1200$:

    > PC Retail - Hertford,England,UK
    >
    > Microsoft has admitted its role in a security weakness in Internet
    > Explorer that saw malicious websites installing and enabling the
    > running of harmful code ...
    >


    No kidding, it's called java <g>.

    --
    (setq (chuck nil) car(chuck) )
    chuckcar, Oct 14, 2007
    #2

  3. Au79

    Guest

    chuckcar <> wrote:

    >Au79 <> wrote in news:O%gQi.1200$:
    >
    >> PC Retail - Hertford,England,UK
    >>
    >> Microsoft has admitted its role in a security weakness in Internet
    >> Explorer that saw malicious websites installing and enabling the
    >> running of harmful code ...


    >No kidding, it's called java <g>.


    No that would be ActiveX, and always has been.

    "An ActiveX control can be an extremely insecure way to provide a
    feature. Because it is a Component Object Model (COM) object, it can
    do anything the user can do from that computer. It can read from and
    write to the registry, and it has access to the local file system.
    From the moment a user downloads an ActiveX control, the control may
    be vulnerable to attack because any Web application on the Internet
    can repurpose it, that is, use the control for its own ends whether
    sincere or malicious."

    http://msdn2.microsoft.com/en-us/library/Aa752035.aspx
    --

    www.lifeinthefastlane.ca/when-pet-owners-go-too-far-part-2/offbeat-news
    , Oct 14, 2007
    #3
  4. Au79

    Fuzzy Logic Guest

    wrote in news:4aa3h35bq41v8v13n2lg4lnti25i45tgtr@
    4ax.com:

    > chuckcar <> wrote:
    >
    >>Au79 <> wrote in news:O%gQi.1200$:
    >>
    >>> PC Retail - Hertford,England,UK
    >>>
    >>> Microsoft has admitted its role in a security weakness in Internet
    >>> Explorer that saw malicious websites installing and enabling the
    >>> running of harmful code ...

    >
    >>No kidding, it's called java <g>.

    >
    > No that would be ActiveX, and always has been.
    >
    > "An ActiveX control can be an extremely insecure way to provide a
    > feature. Because it is a Component Object Model (COM) object, it can
    > do anything the user can do from that computer. It can read from and
    > write to the registry, and it has access to the local file system.
    > From the moment a user downloads an ActiveX control, the control may
    > be vulnerable to attack because any Web application on the Internet
    > can repurpose it, that is, use the control for its own ends whether
    > sincere or malicious."
    >
    > http://msdn2.microsoft.com/en-us/library/Aa752035.aspx


    Not unlike Firefox extensions:

    Anytime an application (such as Firefox) allows user code to execute without
    being validated can open up security vulnerabilities. As a developer it is
    your responsibility to ensure that your extension does not open any
    vulnerabilities to the Firefox browser.

    http://www.rietta.com/firefox/Tutorial/security.html
    Fuzzy Logic, Oct 15, 2007
    #4
  5. Au79

    Milano Man Guest

    I believe it's called ActiveX.

    chuckcar wrote:

    > Au79 <> wrote in news:O%gQi.1200$:
    >
    > > PC Retail - Hertford,England,UK
    > >
    > > Microsoft has admitted its role in a security weakness in Internet
    > > Explorer that saw malicious websites installing and enabling the
    > > running of harmful code ...
    > >

    >
    > No kidding, it's called java <g>.
    >
    > --
    > (setq (chuck nil) car(chuck) )
    Milano Man, Oct 15, 2007
    #5
  6. Au79

    Au79 Guest

    Fuzzy Logic wrote:

    > wrote in news:4aa3h35bq41v8v13n2lg4lnti25i45tgtr@
    > 4ax.com:
    >
    >> chuckcar <> wrote:
    >>
    >>>Au79 <> wrote in news:O%gQi.1200$:
    >>>
    >>>> PC Retail - Hertford,England,UK
    >>>>
    >>>> Microsoft has admitted its role in a security weakness in Internet
    >>>> Explorer that saw malicious websites installing and enabling the
    >>>> running of harmful code ...

    >>
    >>>No kidding, it's called java <g>.

    >>
    >> No that would be ActiveX, and always has been.
    >>
    >> "An ActiveX control can be an extremely insecure way to provide a
    >> feature. Because it is a Component Object Model (COM) object, it can
    >> do anything the user can do from that computer. It can read from and
    >> write to the registry, and it has access to the local file system.
    >> From the moment a user downloads an ActiveX control, the control may
    >> be vulnerable to attack because any Web application on the Internet
    >> can repurpose it, that is, use the control for its own ends whether
    >> sincere or malicious."
    >>
    >> http://msdn2.microsoft.com/en-us/library/Aa752035.aspx

    >
    > Not unlike Firefox extensions:
    >
    > Anytime an application (such as Firefox) allows user code to execute
    > without being validated can open up security vulnerabilities. As a
    > developer it is your responsibility to ensure that your extension does not
    > open any vulnerabilities to the Firefox browser.
    >
    > http://www.rietta.com/firefox/Tutorial/security.html


    Yet, Firefox remains the MOST secure alternative than that crappware IE
    (Internet Exploit).

    --
    ....................
    http://www.vanwensveen.nl/rants/microsoft/IhateMS.html
    http://rixstep.com/1/20040719,00.shtml
    http://en.wikipedia.org/wiki/Linux
    http://www.ubuntu.com
    Au79, Oct 16, 2007
    #6
  7. Au79

    chuckcar Guest

    Au79 <> wrote in news:s%XQi.341066$:

    > Fuzzy Logic wrote:
    >
    >> wrote in
    >> news:4aa3h35bq41v8v13n2lg4lnti25i45tgtr@ 4ax.com:
    >>
    >>> chuckcar <> wrote:
    >>>
    >>>>Au79 <> wrote in news:O%gQi.1200$:
    >>>>
    >>>>> PC Retail - Hertford,England,UK
    >>>>>
    >>>>> Microsoft has admitted its role in a security weakness in Internet
    >>>>> Explorer that saw malicious websites installing and enabling the
    >>>>> running of harmful code ...
    >>>
    >>>>No kidding, it's called java <g>.
    >>>
    >>> No that would be ActiveX, and always has been.
    >>>
    >>> "An ActiveX control can be an extremely insecure way to provide a
    >>> feature. Because it is a Component Object Model (COM) object, it can
    >>> do anything the user can do from that computer. It can read from and
    >>> write to the registry, and it has access to the local file system.
    >>> From the moment a user downloads an ActiveX control, the control may
    >>> be vulnerable to attack because any Web application on the Internet
    >>> can repurpose it, that is, use the control for its own ends whether
    >>> sincere or malicious."
    >>>
    >>> http://msdn2.microsoft.com/en-us/library/Aa752035.aspx

    >>
    >> Not unlike Firefox extensions:
    >>
    >> Anytime an application (such as Firefox) allows user code to execute
    >> without being validated can open up security vulnerabilities. As a
    >> developer it is your responsibility to ensure that your extension
    >> does not open any vulnerabilities to the Firefox browser.
    >>
    >> http://www.rietta.com/firefox/Tutorial/security.html

    >
    > Yet, Firefox remains the MOST secure alternative than that crappware
    > IE (Internet Exploit).
    >


    No, just nobody's put as much effort into *finding* the holes that are
    surely there.

    --
    (setq (chuck nil) car(chuck) )
    chuckcar, Oct 16, 2007
    #7
  8. Au79

    Fuzzy Logic Guest

    Au79 <> wrote in news:s%XQi.341066$:

    > Fuzzy Logic wrote:
    >
    >> wrote in
    >> news:4aa3h35bq41v8v13n2lg4lnti25i45tgtr@ 4ax.com:
    >>
    >>> chuckcar <> wrote:
    >>>
    >>>>Au79 <> wrote in news:O%gQi.1200$:
    >>>>
    >>>>> PC Retail - Hertford,England,UK
    >>>>>
    >>>>> Microsoft has admitted its role in a security weakness in Internet
    >>>>> Explorer that saw malicious websites installing and enabling the
    >>>>> running of harmful code ...
    >>>
    >>>>No kidding, it's called java <g>.
    >>>
    >>> No that would be ActiveX, and always has been.
    >>>
    >>> "An ActiveX control can be an extremely insecure way to provide a
    >>> feature. Because it is a Component Object Model (COM) object, it can
    >>> do anything the user can do from that computer. It can read from and
    >>> write to the registry, and it has access to the local file system.
    >>> From the moment a user downloads an ActiveX control, the control may
    >>> be vulnerable to attack because any Web application on the Internet
    >>> can repurpose it, that is, use the control for its own ends whether
    >>> sincere or malicious."
    >>>
    >>> http://msdn2.microsoft.com/en-us/library/Aa752035.aspx

    >>
    >> Not unlike Firefox extensions:
    >>
    >> Anytime an application (such as Firefox) allows user code to execute
    >> without being validated can open up security vulnerabilities. As a
    >> developer it is your responsibility to ensure that your extension does
    >> not open any vulnerabilities to the Firefox browser.
    >>
    >> http://www.rietta.com/firefox/Tutorial/security.html

    >
    > Yet, Firefox remains the MOST secure alternative than that crappware IE
    > (Internet Exploit).


    All browsers have and will continue to have vulnerabilities. If you like
    Firefox by all means use it. Switching just because you wish to be 'more
    secure' will only get you different security issues. Of course Opera fans
    will tell you it's the MOST secure alternative.

    Note that Mozilla's top security person correctly states that Firefox is
    not necessarily 'more secure':

    So the answer, in one word: Is Firefox more secure than Internet Explorer?
    Snyder: I don't think there is a one-word answer for that question.

    Read the entire interview here:

    http://www.news.com/2102-7355_3-6117896.html?tag=st.util.print
    Fuzzy Logic, Oct 16, 2007
    #8
  9. Au79

    Mr. Arnold Guest

    <> wrote in message
    news:...
    > chuckcar <> wrote:
    >
    >>Au79 <> wrote in news:O%gQi.1200$:
    >>
    >>> PC Retail - Hertford,England,UK
    >>>
    >>> Microsoft has admitted its role in a security weakness in Internet
    >>> Explorer that saw malicious websites installing and enabling the
    >>> running of harmful code ...

    >
    >>No kidding, it's called java <g>.

    >
    > No that would be ActiveX, and always has been.
    >
    > "An ActiveX control can be an extremely insecure way to provide a
    > feature. Because it is a Component Object Model (COM) object, it can
    > do anything the user can do from that computer. It can read from and
    > write to the registry, and it has access to the local file system.
    > From the moment a user downloads an ActiveX control, the control may
    > be vulnerable to attack because any Web application on the Internet
    > can repurpose it, that is, use the control for its own ends whether
    > sincere or malicious."
    >
    > http://msdn2.microsoft.com/en-us/library/Aa752035.aspx



    One uses unsigned ActiveX controls at their own risk. IE can be configured
    to not install unsigned ActiveX controls without user permission and even
    with signed ActiveX controls one can be prompted. There is a reason a
    developer creates signed ActiveX controls.

    It's really based upon the user, and their ability to configure a solution
    properly. Who is sitting behind the wheel?
    Mr. Arnold, Oct 18, 2007
    #9
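
Added example (not part of the thread and not any poster's code): a PowerShell audit of the Internet zone settings that post #9 refers to, flagging any ActiveX download action that is enabled without a prompt. It assumes the standard per-user zone key and URL action IDs 1001, 1004 and 1201; the function names and the sample values are constructed for illustration.

```powershell
# Zone 3 = Internet. URL action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# ActiveX URL actions that should never be silently enabled in the Internet zone.
$Actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1201' = 'Initialize and script ActiveX controls not marked safe'
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: evaluate a table of action id -> DWORD value.
function Test-ActiveXZone {
    param([hashtable]$Settings)
    foreach ($id in $Actions.Keys) {
        $value = $Settings[$id]
        $state = if ($null -eq $value) { 'NotSet' }
            elseif ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] }
            else { "Unknown($value)" }
        [pscustomobject]@{
            Action = $id
            Name   = $Actions[$id]
            State  = $state
            # Pass only when the control cannot load without the user being asked.
            Ok     = $state -in 'Prompt', 'Disable'
        }
    }
}

# Hypothetical helper: read the audited values from a zone key, skipping absent ones.
function Get-ZoneSettings {
    param([string]$Path)
    $found = @{}
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($id in $Actions.Keys) {
            if ($null -ne $props.$id) { $found[$id] = $props.$id }
        }
    }
    $found
}

# Constructed sample: unsigned downloads silently enabled, so 1004 fails.
$sample = @{ '1001' = 1; '1004' = 0; '1201' = 3 }
Test-ActiveXZone -Settings $sample | Format-Table -AutoSize

# Live check of the current user's Internet zone, when the key exists.
if (Test-Path $ZoneKey) {
    Test-ActiveXZone -Settings (Get-ZoneSettings $ZoneKey) | Format-Table -AutoSize
}
```

Values pushed by Group Policy live under the matching `Software\Policies` key and take precedence, so a managed machine should be checked there as well.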
  10. Au79

    Guest

    "Mr. Arnold" <MR. > wrote:

    >> http://msdn2.microsoft.com/en-us/library/Aa752035.aspx

    >
    >
    >One uses unsigned ActiveX controls at their own risk. IE can be configured
    >to not install unsigned ActiveX controls without user permission and even
    >with signed ActiveX controls one can be prompted. There is a reason a
    >developer creates signed ActiveX controls.


    >It's really based upon the user, and their ability to configure a solution
    >properly. Who is sitting behind the wheel?


    True, the same can be said about buffer overflows. They can be
    prevented by better programming.

    --

    Survival
    http://www.tuxick.net/pics/humor/art-of-survival.jpg
    , Oct 18, 2007
    #10