[2611] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (David M. Chess)
Wed Aug 14 15:28:00 1996
Date: Wed, 14 Aug 96 12:31:05 EDT
From: "David M. Chess" <CHESS@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> From: garym@softshore.com.au (Gary Meltzer)
> How does this control differ from an HTML page that tells
> readers to turn the power switch off?
Sorry, is this a trick question? *8) The difference is
between saying "Please erase all your files now", and saying
"Click here (and then say "OK" on the silly security box)
to run my cool new weather-predicting application!". Many
more people will get caught by the latter...
DC
