1996-12-17 - Re: Securing ActiveX.

Header Data

From: Ray Arachelian <sunder@brainlink.com>
To: Nelson Minar <nelson@media.mit.edu>
Message Hash: 61750e79375a8ab99f07fbdc62250c0290f744e881da808a0aa330c5909a2e53
Message ID: <Pine.SUN.3.91.961216233902.19927B-100000@beast.brainlink.com>
Reply To: <cpa7mmi2jsc.fsf@hattrick.media.mit.edu>
UTC Datetime: 1996-12-17 04:39:14 UTC
Raw Date: Mon, 16 Dec 1996 20:39:14 -0800 (PST)

Raw message

From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 16 Dec 1996 20:39:14 -0800 (PST)
To: Nelson Minar <nelson@media.mit.edu>
Subject: Re: Securing ActiveX.
In-Reply-To: <cpa7mmi2jsc.fsf@hattrick.media.mit.edu>
Message-ID: <Pine.SUN.3.91.961216233902.19927B-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain

On 16 Dec 1996, Nelson Minar wrote:

> On Sat, 14 Dec 1996 ichudov@algebra.com wrote:
> >I do not understand how one can secure ActiveX.
> Me neither! But the approach of requiring code signatures so you can
> at least break the fingers of whomever damaged your machine does have
> some merit.

And just where is this signature stored, hrmmm?  On your hard drive? Real 
useful when the log is stored somewhere the nasty program can earase, no?

Alternatively, a component can easily just modify your autoexec.bat to
install a time bomb or do other things and you won't recall that two
months ago you visited Billy Vulis's KOTM shop of spam.  When was the last
time you looked in your AUTOEXEC.BAT file? 

.+.^.+.|  Ray Arachelian    | "If  you're  gonna die,  die  with your|./|\.
..\|/..|sunder@sundernet.com|boots on;  If you're  gonna  try,  just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin,  |you're gonna die, you're gonna die!"    |.\|/.
.+.v.+.|God of screwdrivers"|  --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================