Firewalls: Re: [NTSEC] ActiveX, MSIE and Quicken

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: [NTSEC] ActiveX, MSIE and Quicken
From:	Bob Beck <beck @ obtuse . com>
Date:	Sat, 1 Feb 1997 23:56:15 -0700 (MST)
To:	Russ . Cooper @ RC . on . ca (Russ)
Cc:	adam @ homeport . org, lists @ reflections . mindspring . com, firewalls @ GreatCircle . COM
In-reply-to:	<41FDA823FC5AD011A0970000E8D5C667029390 @ mail . rc . on . ca> from "Russ" at Feb 1, 97 11:40:48 pm

> To try and keep this on a Firewalls vein. The tunneling of anything over
> HTTP is, in my opinion, the crappy technology. That goes for Java
> applets or certificate authentication for that matter. I don't like the
> idea of combining diverse tasks within a single channel if its possible
> to avoid it, and it is possible, so the only reason its not being done
> is to USURP FIREWALLS.

	Perhaps if you're using only a packet filter yes, but
hopefully on a real firewall you're proxying your http, and there's
nothing at all to "USURP". You recognize it, and deal with it in the
proxy.
	
	Notwithstanding that, doing embedded "stuff" like this is
normal, and doing evil with it is a lot older than http:

----------------------
oldvax%mail bigluser @
 sucker .
 org
Subject: Hey Dude, Try this neat new script out..
#!/bin/sh
[ insert hack here - trojan .login to mail me their password next time]
[ etc. etc. ]

References:

RE: [NTSEC] ActiveX, MSIE and Quicken
From: Russ <Russ . Cooper @ RC . on . ca>

Indexed By Date	Previous:	Re: Dave at McGraw Hill From: Rabid Wombat <wombat @ mcfeely . bsfs . org>
Indexed By Date	Next:	Re: SATAN user group? From: Can Baysal <baysalc @ boun . edu . tr>
Indexed By Thread	Previous:	RE: [NTSEC] ActiveX, MSIE and Quicken From: Russ <Russ . Cooper @ RC . on . ca>
Indexed By Thread	Next:	RE: [NTSEC] ActiveX, MSIE and Quicken From: "Paul D. Robertson" <proberts @ clark . net>