Critique of CyberInsecurity report

Sunder sunder at sunder.net
Sat Sep 27 10:58:20 PDT 2003 

Yup, and also don't forget all the security holes in IE that would allow
even more enjoyable fun stuff... things that are(were?) exploited by
scumware sites such as Xupiter that installed themselves into IE and
allowed pop-up ads from hell.

[Sorry about the previous message, had lots of typos in there... should
have proofread it before sending. :)  ]


----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
<--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.        \|/
 + v + :           The look on Sadam's face - priceless!       
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Sat, 27 Sep 2003, James A. Donald wrote:

>     --
> On 26 Sep 2003 at 17:30, Sunder wrote:
> > Ever seen WebX? - it's like PCAnywhere, or VNC or TimbukTu, 
> > only it works over the web.  A user just goes to a web page, 
> > and a user at the other end can take over their machine 
> > because IE allows such software to run!
> >
> > Ok, at least WebX is a commercial product designed to provide 
> > tech support, and asks if it's ok to allow it, but if it's 
> > technically possible to do it for legitimate reasons, it's 
> > technically feasable to do it for rogue reasons too.
> 
> IE first checks that the software is digitally signed, and then 
> asks the user do you want to run this software signed by so and 
> so.   Then IE allows it to run.
> 
> You do not just go to the web page.  You go to the web page and
> IE asks if this is OK.
> 
> Of course there are lots and lots of web pages that say "Hey, 
> click here to view me naked -- just click yes to all the stupid 
> dialogs that come up" 
> 
>     --digsig
>          James A. Donald
>      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>      EVBFXSY8i4yhJTutdCL23/zyQbi/geQCUHZqoCr7
>      4J07R9CO6/ynTCaqgsY63x7wtTEVaTRpK5nt5xMio

More information about the cypherpunks-legacy mailing list