Yup, and also don't forget all the security holes in IE that would allow even more enjoyable fun stuff... things that are(were?) exploited by scumware sites such as Xupiter that installed themselves into IE and allowed pop-up ads from hell. [Sorry about the previous message, had lots of typos in there... should have proofread it before sending. :) ] ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Sat, 27 Sep 2003, James A. Donald wrote:
-- On 26 Sep 2003 at 17:30, Sunder wrote:
Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, only it works over the web. A user just goes to a web page, and a user at the other end can take over their machine because IE allows such software to run!
Ok, at least WebX is a commercial product designed to provide tech support, and asks if it's ok to allow it, but if it's technically possible to do it for legitimate reasons, it's technically feasable to do it for rogue reasons too.
IE first checks that the software is digitally signed, and then asks the user do you want to run this software signed by so and so. Then IE allows it to run.
You do not just go to the web page. You go to the web page and IE asks if this is OK.
Of course there are lots and lots of web pages that say "Hey, click here to view me naked -- just click yes to all the stupid dialogs that come up"
--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7 4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio