[2617] in WWW Security List Archive


Re: ActiveX security hole reported.

daemon@ATHENA.MIT.EDU (Alan Olsen)
Wed Aug 14 22:17:15 1996

Date: Wed, 14 Aug 1996 11:18:33 -0700
To: garym@softshore.com.au (Gary Meltzer), Stephen Cobb <stephen@iu.net>
From: Alan Olsen <alano@teleport.com>
Cc: trei@process.com, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

At 11:27 AM 8/14/96 GMT, Gary Meltzer wrote:
>On Tue, 13 Aug 1996 17:57:52 -0400, stephen@iu.net wrote:
>
>>>Some guy has written an ActiveX control which crashes windoze95... I don't
>>>use windoze so can't try it, but if someone else is brave, I'd love to know
>>>if it works...
>>>
>>
>>Yes, it works, turns off the machine...quite impressive.
>
>Which part do people find the most impressive? -
>that the Win95 shutdown API works as documented
>or that all these security experts are downloading and running
>software designed to do something they don't want?
>
>How does this control differ from an HTML page that tells
>readers to turn the power switch off?

Quite a bit.

The question I have is "If this had been signed by an "authoritative source"
(such as Microsoft), would these dialogs pop up in the first place?

An example would be if I worked for company X, wrote an app that read off
all the names on your PGP keyring and had it signed by the appropriate app
signing service, would there be any warning for the "victim"?"  Probably not.

The problem with the ActiveX security model is it assumes that you can trust
the company who is doing the signing to be operating in your best interest
and be vigilant for dangerous and bad apps.  I do consider pleas to
authority to be a good security model.  There are far too many people with
far too many motivations to have this model add to my level of security.

At least Java tries to prevent these apps from being able to be written in
the first place.  Active X says trust an app signed by Microsoft and
anything they want goes.  (I trust Microsoft about as far as I can throw a
General Protection Fault.) 

The ActiveX security model is not a security model.  It is an act of
religious faith.
---
Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
        `finger -l alano@teleport.com` for PGP 2.6.2 key 
                http://www.teleport.com/~alano/ 
  "We had to destroy the Internet in order to save it." - Sen. Exon
                "Microsoft -- Nothing but NT promises."


