funsec mailing list archives

Re: MoAxB - A month ain't long enough for ActiveX

From: "Fergie" <fergdawg () netzero net>
Date: Thu, 3 May 2007 23:42:12 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Richard M. Smith" <rms () computerbytesman com> wrote:

FYI.  I actually think that a year plus is needed to list all of the
security and DoS bugs in ActiveX controls.

A few days ago, I reported a crash bug to the Microsoft security folks in
their newly release Silverlight ActiveX control (See
http://www.microsoft.com/silverlight/install.aspx).  I'm not sure if the
bug is exploitable or not.  Delivering a secure/DoS-free ActiveX control
wirtten in C/C++ on the first try appears to be an impossible task.....


Just wait until you see this headline:

"Web 2.0 Kills the Internet. Film at 11:00."

Just wait. :-)

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGOnNNq1pz9mNUZTMRAidBAJ44R4N00594tXWUoA4Og8H34EJWYgCeOBqD
hrCYUhjBlAoKh9N58Sd91PQ=
=guYj
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

MoAxB - A month ain't long enough for ActiveX Richard M. Smith (May 03)
- <Possible follow-ups>
- Re: MoAxB - A month ain't long enough for ActiveX Fergie (May 03)