Firewalls: Re: [NTSEC] ActiveX, MSIE and Quicken

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [NTSEC] ActiveX, MSIE and Quicken
From:	Todd Graham Lewis <lists @ reflections . mindspring . com>
Date:	Sat, 1 Feb 1997 21:28:51 -0500 (EST)
To:	Adam Shostack <adam @ homeport . org>
Cc:	Russ <Russ . Cooper @ RC . on . ca>, firewalls @ GreatCircle . COM
In-reply-to:	<199702020209 . VAA02207 @ homeport . org>

On Sat, 1 Feb 1997, Adam Shostack wrote:

> Russ wrote:
>
> | 2. If they previously had told IE to accept all signed certificates,
> | then they chose to leave their machine wide open, again, why is that
> | ActiveX's fault?
> 
> 	Lets say that the user is in class one, and makes a mistake.
> 	They've could have just accepted a malicious applet that
> changes their IE config into class two.  Or perhaps it adds a trusted
> CA.

Or maybe it fires up Frontpage and slaps the same thing on an internal web
page.  Etc., ad nauseum.

Russ, when you continue to argue that "ActiveX/OLE has always been an
insecure, crappy technology; the only difference is that it's now on the
web", I really fail to see your point.  Maybe you could fill me in. 

__
Todd Graham Lewis          Mindspring Enterprises      tlewis @
 mindspring .
 com

References:

Re: [NTSEC] ActiveX, MSIE and Quicken
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	Re: [NTSEC] ActiveX, MSIE and Quicken From: Adam Shostack <adam @ homeport . org>
Indexed By Date	Next:	Re: Sidewinder vs. Cyberguard From: Matthew Patton <patton @ sysnet . net>
Indexed By Thread	Previous:	Re: [NTSEC] ActiveX, MSIE and Quicken From: Adam Shostack <adam @ homeport . org>
Indexed By Thread	Next:	RE: [NTSEC] ActiveX, MSIE and Quicken From: Russ <Russ . Cooper @ RC . on . ca>