Great Circle Associates Firewalls
(November 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: ActiveX and RISKS
From: carson @ lehman . com
Date: Tue, 19 Nov 1996 19:01:29 -0500
To: Doug Wellington <doug @ sun1paztcn . wr . usgs . gov>
Cc: peter @ baileynm . com (Peter da Silva), firewalls @ GreatCircle . COM
In-reply-to: <9611192128 . AA13263 @ sun1paztcn . wr . usgs . gov>
References: <9611191815 . AA05092 @ sonic . nmti . com . nmti . com> <9611192128 . AA13263 @ sun1paztcn . wr . usgs . gov>
Reply-to: carson @ lehman . com 
The problem with ActiveX (as implemented by IE) is simple:

Users decide who they trust

Users are _not_ qualified to make those decisions. I know of very few
traders who, when offered a XXX strip-poker ActiveX gizmo, won't click
accept. And, as I understand it, once they've accepted one (possibly
innocuous) ActiveX control from a site, they will no longer be prompted for
confirmation. So, what happens if the site is malicious? Or, in a faw worse
case, their private key material is compromised? Microsoft has provided no
key revocation mechanism. So even if I discover that Microsoft (just as an
example of a "trusted" signature) has been compromised, there is no way to
protect my users from bogus code.

I don't know which is worse, ignoring security completely, or giving users
broken security as a pacifier.

--
Carson Gaspar -- carson @
 cs .
 columbia .
 edu carson @
 lehman .
 com
http://www.cs.columbia.edu/~carson/home.html
<This is the boring business .sig - no outre sayings here>
Follow-Ups:
References:
Indexed By Date Previous: RE: Microsoft Proxy 1.0/ Firewall-1
From: Sven Dowideit <SvenDowideit @ cit . com . au>
Next: RouteD VS. GateD
From: Jonathan Arcilla <jonats @ adn . edu . ph>
Indexed By Thread Previous: Re: ActiveX and RISKS
From: "Paul D. Robertson" <proberts @ clark . net>
Next: Re: ActiveX and RISKS
From: Adam Shostack <adam @ homeport . org>
Google
 
Search Internet Search www.greatcircle.com