Critique of CyberInsecurity report

James A. Donald jamesd at echeque.com
Sat Sep 27 09:05:41 PDT 2003


    --
On 26 Sep 2003 at 17:30, Sunder wrote:
> Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, 
> only it works over the web.  A user just goes to a web page, 
> and a user at the other end can take over their machine 
> because IE allows such software to run!
>
> Ok, at least WebX is a commercial product designed to provide 
> tech support, and asks if it's ok to allow it, but if it's 
> technically possible to do it for legitimate reasons, it's 
> technically feasable to do it for rogue reasons too.

IE first checks that the software is digitally signed, and then 
asks the user do you want to run this software signed by so and 
so.   Then IE allows it to run.

You do not just go to the web page.  You go to the web page and
IE asks if this is OK.

Of course there are lots and lots of web pages that say "Hey, 
click here to view me naked -- just click yes to all the stupid 
dialogs that come up" 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7
     4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio





More information about the cypherpunks-legacy mailing list