funsec mailing list archives
Re: "US-CERT: Turn Off ActiveX for Security"
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 11 Nov 2006 10:04:13 +1300
Paul Vixie wrote:
http://www.betanews.com/article/USCERT_Turn_Off_ActiveX_for_Security/1162483029
No news here -- as CERT says in the article, they have strongly suggested disabling ActiveX before. They've also -- about two years back IIRC -- suggested that IE is such a pile of steaming poo (OK -- that's my phrasing, not CERT's) that you'd be mad to allow it to be used for browsing on the Internet, and I don't recall them ever countermanding that suggestion.

Until MS admits that the "restricted sites" zone is where "the internet as a whole" should be, by default, _AND_ makes it damn near impossible for idiots -- sorry, "unmanaged users" -- to alter those settings, it and its users necessarily face the other consequences of the extremely stupid "security design" of this browser and its almost "exploit at will" -- sorry, "ActiveX" -- technology.

Of course, now that MS is also in the business of selling "additional" protective technologies do we think it is at all likely that MS will be much inclined to improve matters in this regard?

Regards,

Nick FitzGerald
Current thread:
- "US-CERT: Turn Off ActiveX for Security" Paul Vixie (Nov 09)
- Re: "US-CERT: Turn Off ActiveX for Security" Nick FitzGerald (Nov 10)