[COMP] [Fwd: MS signed softwrare privileges]

Wonderful.  Read and be shocked, folks.  Another privacy stealer from
the beast in Redmond.  This is a posting on BugTRAQ.  

John



cuartango@xxxxxxxxxxx wrote:
> 
> I would like to clarify some aspects from the Elias post
> regarding Microsoft signed software.
> The fact that anybody could install MS signed software
> using Active Setup component in not very important.
> The issue is : MS can silently execute any code in our
> Windows systems just using their signature.
> MS has privileged their code, even if your IE security
> setting "Download signed ActiveX" is set to prompt MS
> software will be installed without prompting the user.
> It seems that MS has left a back door that will allow them
> to perform any action in the Windows systems just visiting
> a WEB page or opening an e-mail message.
> I have prepared a demo in :
> http://www.angelfire.com/ab/juan123/iengine.html
> 
> This demo shows the diferent behaviour of IE when the
> ActiveX is signed by MS or signed by others.
> 
> This issue opens a big security and privacy hole, MS can
> take complete control over our systems using this backdoor.
> 
> In this backdoor acceptable ?
> In my opinion It is not, I have worked 18 years for
> diferent OS software manufacturers and I have never
> installed one line of code without a previous user approval.



-- 
# John Madden  weez@xxxxxxxxxxxxxx ICQ: 2EB9EA
# Sys-Admin / Webmaster, Avenir Web: http://avenir.dhs.org
# LANdb: Network Admin Database - http://avenir.dhs.org/landb/ 
# "A kernel compile a day keeps the blue screens away."
========================================
Avenir Web's Computers Mailing List

List Modes, Subscription, and General Info:
Go to http://avenir.dhs.org/mailing.html
List Archives: http://avenir.dhs.org/archives/
Administrative Contact: webmaster@xxxxxxxxxxxxxx

Get computer help: http://avenir.dhs.org
========================================

Other related posts: