[18327] in bugtraq
CERT's ActiveX security report
daemon@ATHENA.MIT.EDU (Richard M. Smith)
Fri Dec 22 18:46:23 2000
Message-ID:  <ONEILKPECNHHJLENAGFMIEKGDIAA.rms@privacyfoundation.org>
Date:         Fri, 22 Dec 2000 13:15:21 -0500
Reply-To: "Richard M. Smith" <rms@PRIVACYFOUNDATION.ORG>
From: "Richard M. Smith" <rms@PRIVACYFOUNDATION.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

Hello,

This past summer, CERT sponsored a two-day workshop on
security issues with ActiveX controls.  The
final report was just released today and is
available as a PDF file at the CERT Web site:

    http://www.cert.org/reports/activeX_report.pdf

There is a lot of good information in the report about
how individuals and organizations can reduce security
risks in Internet Explorer when using ActiveX controls.
In addition, there is a section aimed at software
developers on how to create safer controls.

A good bit of the technical information in the report
has not been made public before.

Richard