On Sat, 1 Feb 1997, Adam Shostack wrote:
> Russ wrote:
> | 2. If they previously had told IE to accept all signed certificates,
> | then they chose to leave their machine wide open, again, why is that
> | ActiveX's fault?
> Lets say that the user is in class one, and makes a mistake.
> They've could have just accepted a malicious applet that
> changes their IE config into class two. Or perhaps it adds a trusted
Or maybe it fires up Frontpage and slaps the same thing on an internal web
page. Etc., ad nauseum.
Russ, when you continue to argue that "ActiveX/OLE has always been an
insecure, crappy technology; the only difference is that it's now on the
web", I really fail to see your point. Maybe you could fill me in.
Todd Graham Lewis Mindspring Enterprises tlewis @