On Tue, 4 Mar 1997, John Lehmann (SSASyd) wrote: [ ActiveX discussion snipped ]
Perhaps an interesting "nudie screensaver" control could be made to mail any Root.cer, Cert.cer and Cert.spc (I guess) files lying around on the target computer to a well known mailing-list...
One wonders whether it would even be illegal. *sigh* I suppose it would be.

This may be feasible without resorting to ActiveX. Microsoft IE 3.0 has a nifty security bug that allows a malicious WWW page to run arbitrary programs (e.g. "format c: /y"). Details (and a demo that starts the Windows calculator locally) are at http://www.cybersnot.com/iebug.html

There are "uploader" programs for WWW servers; one of these should be modifiable to look for %PGPPATH%/secring.pgp without prompting...

The great (?) thing about this bug is that, since there is no confirmation and the rogue programs don't use ActiveX or Java, you can't prevent a site from trashing your PC. (Except by trashing your copy of IE.) Microsoft will have a fix out Real Soon Now, of course...

Cynthia

===============================================================
Cynthia H. Brown, P.Eng.
E-mail: cynthb@iosphere.net | PGP Key: See Home Page
Home Page: http://www.iosphere.net/~cynthb/
Junk mail will be ignored in the order in which it is received.

Klein bottle for rent; enquire within.