[4321] in WWW Security List Archive
Re: ActiveX Bank-Quicken Exploit
daemon@ATHENA.MIT.EDU (David Kennedy)
Mon Feb 10 13:46:46 1997
Date: 10 Feb 97 11:15:05 EST
From: David Kennedy <76702.3557@compuserve.com>
To: John Johnson <novatech@nectar.com.au>,
WWW Security List <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
>why did these folks go public??? they knew their exploit would
>make it too far but that the implications make everything
>insecure... now let's not brag about what would happen maybe
>when...
>Let's get on with finding a solution shall we???
Chaos Computer Club challenges the notion that hackers (modern vernacular) have
no redeeming virtues. They have in the past worked with financial institutions
to reveal vulnerabilities with what at least appear to be noble motives. Can I
assure folks that they aren't so good they to illicitly get into other people's
systems? Nope. But they have for some time presented the image of what I'll
call socially-responsible hacking.
These folks are competent. They have worked like this in the past. This is why
I immediately judged their latest claims to be true.
As to solutions? Microsoft, Intuit and the users have to come to grips with
this. At a macro level this is almost a virus-like issue. You don't run
untrusted code on your machine, as you. Probably why Unix viruses never took
off.
___________________
Dave Kennedy CISSP
Protect what you connect
Look both ways before crossing the Net
National Computer Security Assoc