Critique of CyberInsecurity report
James A. Donald
jamesd at echeque.com
Sat Sep 27 09:05:41 PDT 2003
--
On 26 Sep 2003 at 17:30, Sunder wrote:
> Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu,
> only it works over the web. A user just goes to a web page,
> and a user at the other end can take over their machine
> because IE allows such software to run!
>
> Ok, at least WebX is a commercial product designed to provide
> tech support, and asks if it's ok to allow it, but if it's
> technically possible to do it for legitimate reasons, it's
> technically feasable to do it for rogue reasons too.
IE first checks that the software is digitally signed, and then
asks the user do you want to run this software signed by so and
so. Then IE allows it to run.
You do not just go to the web page. You go to the web page and
IE asks if this is OK.
Of course there are lots and lots of web pages that say "Hey,
click here to view me naked -- just click yes to all the stupid
dialogs that come up"
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7
4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio
More information about the cypherpunks-legacy
mailing list