[4274] in WWW Security List Archive


RE: Sceptic about (Funds Transfer w/o PIN)

daemon@ATHENA.MIT.EDU (Brian Toole)
Fri Feb 7 00:48:58 1997

From: Brian Toole <btoole@oakmanor.com>
To: "'jay@homecom.com'" <jay@homecom.com>, WWW-SECURITY@ns2.rutgers.edu
Date: Thu, 6 Feb 1997 23:06:48 -0500
Errors-To: owner-www-security@ns2.rutgers.edu


------ =_NextPart_000_01BC1482.6FA91FF0
Content-Type: text/plain

I was basing the "signed" part on the original little
blurb that showed up on the 30th in the NT Security
list (which I've attached at the end). I didn't see
any mention of that in the RISKS article either...

It looks like some others are also interested in at least
a limited discussion, based on some of the other
threads that have spun off of this one.

--Brian

> I don't remember anything in the original story of the German Quicken
> hack on TV that had anything to do with a certificate.  It was a
> demonstration on how ActiveX could be used to modify the hard drive of
> the system running the browser and one possible bad result.  My
> knowledge of Microsoft's certification infrastructure is limited, but I
> have no reason to believe that a piece of ActiveX code is trusted just
> because it has a certificate associated with it -- if you want to fork()
> & exec() a new discussion of that I'd be happy to learn more.

------ =_NextPart_000_01BC1482.6FA91FF0
Content-Type: message/rfc822
Content-Description: [NTSEC] ActiveX, MSIE and Quicken

Message-ID: <m0vq4WI-000JEPC@black.koehntopp.de>
From: kris@koehntopp.de
Sender: owner-ntsecurity@iss.net
Reply-To:  <kris@koehntopp.de>
To: ntsecurity@iss.net
Cc: firewalls@greatcircle.com
Subject: [NTSEC] ActiveX, MSIE and Quicken
Date: Thu, 30 Jan 1997 16:59:46 -0500
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1389.3)
Content-Type: text/plain


On German television, the financial feature "plusminus" showed
a performance of Chaos Computer Club people. They managed to
create a signed ActiveX applet, which fired up Quicken, created
a transaction and shut Quicken down again.

I have no details. Please contact

     Lutz Donnerhacke
     Marktstrasse 17
     07747 Jena
     Tel. 03641-380259

     Lutz.Donnerhacke@jena.thur.de
     or Steffen.Peter@jena.thur.de

for details, code and stuff.

Kristian

------ =_NextPart_000_01BC1482.6FA91FF0--
