From: “Cynthia H. Brown” <cynthb@sonetis.com>
To: “John Lehmann (SSASyd)” <LEHMANNJ@saatchi.com.au>
Message Hash: 25e38fde16fc2bb9da84b2b032a38037ca49008a84d081be779272077348b712
Message ID: <Pine.BSD/.3.91.970304150102.18186A-100000@mrburns.iosphere.net>
Reply To: <331BEF9B@smtp.saatchi.com.au>
UTC Datetime: 1997-03-04 20:40:49 UTC
Raw Date: Tue, 4 Mar 1997 12:40:49 -0800 (PST)
From: "Cynthia H. Brown" <cynthb@sonetis.com>
Date: Tue, 4 Mar 1997 12:40:49 -0800 (PST)
To: "John Lehmann (SSASyd)" <LEHMANNJ@saatchi.com.au>
Subject: RE: It is time to break Authenticode
In-Reply-To: <331BEF9B@smtp.saatchi.com.au>
Message-ID: <Pine.BSD/.3.91.970304150102.18186A-100000@mrburns.iosphere.net>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 4 Mar 1997, John Lehmann (SSASyd) wrote:

[ ActiveX discussion snipped ]

> Perhaps an interesting "nudie screensaver" control could be made to mail
> any Root.cer Cert.cer and Cert.spc (I guess) files lying around on the
> target computer to a well known mailing-list...
>
> One wonders whether it would even be illegal. *sigh* I suppose it would
> be.

This may be feasible without resorting to ActiveX. Microsoft IE 3.0 has a
nifty security bug that allows a malicious WWW page to run arbitrary
programs (e.g. "format c: /y"). Details (and a demo that starts the
Windows calculator locally) are at
http://www.cybersnot.com/iebug.html

There are "uploader" programs for WWW servers; one of these should be
modifiable to look for %PGPPATH%/secring.pgp without prompting...

The great (?) thing about this bug is that, since there is no confirmation
and the rogue programs don't use ActiveX or Java, you can't prevent a site
from trashing your PC. (Except by trashing your copy of IE.)

Microsoft will have a fix out Real Soon Now, of course...

Cynthia
===============================================================
Cynthia H. Brown, P.Eng.
E-mail: cynthb@iosphere.net | PGP Key: See Home Page
Home Page: http://www.iosphere.net/~cynthb/
Junk mail will be ignored in the order in which it is received.
Klein bottle for rent; enquire within.