[opendtv] Re: It's Active X, not IE

  • From: "John Willkie" <johnwillkie@xxxxxxxxxx>
  • To: <opendtv@xxxxxxxxxxxxx>
  • Date: Mon, 5 Jul 2004 02:35:10 +0100

IE itself is a collection of ActiveX objects harnessed into an application,
as is any relatively sophisticated program that runs on Windows.  Just run a
file scan for files ending in *.ocx or *.oca.  It's also COM/COM+ objects
(*.dll.)  Unless the programmer wants to create everything from scratch.

Also, wasn't the posting from the Computer Emergency Response Team (CERT)
(www.cert.org) at Carnegie-Mellon University (an organization created after
the son of a former landlord of mine was caught using C-M equipment to
create a virus in the late 1980's?  Not, the Department of Homeland
Security's CERT.  Note the first item on the right hand side of the page.

One should also note that Windows Update had at least a partial fix for the
ADODB part (which stands for Active X data objects for database access)
available last night.  I've already loaded it on three computers.

There is another way to prevent it.  Load Spybot search & destroy.  Put the
application into immunize mode.  When you're prompted to approve or deny the
registry change (a feature of immunize mode) when the object trys to insert
itself, just deny it.  Total cost: zero.  (Spybot accepts donations.)

John Willkie

-----Original Message-----
From: opendtv-bounce@xxxxxxxxxxxxx
[mailto:opendtv-bounce@xxxxxxxxxxxxx]On Behalf Of Manfredi, Albert E
Sent: Sunday, July 04, 2004 11:14 PM
To: OpenDTV (E-mail)
Subject: [opendtv] It's Active X, not IE


U.S., citing security concerns, steers consumers away from IE
By Loring Wirbel , EE Times
July 02, 2004 (12:06 PM EDT)
URL: http://www.eet.com/article/showArticle.jhtml?articleId=3D22103358

COLORADO SPRINGS, Colo. - The Department of Homeland Security's
U.S. Computer Emergency Readiness Team touched off a storm this
week when it recommended for security reasons using browsers
other than Microsoft Corp.'s Internet Explorer.

The Microsoft browser, the government warned, cannot protect
against vulnerabilities in its Internet Information Services
(IIS) 5 server programs, which a team of hackers allegedly
based in Russia has exploited with a JavaScript that is appended
to Web sites.

The particular virus initiated this week inserts JavaScript into
certain Web sites. When users visit those sites, it initiates
pop-up ads on home and office computers, and allows keystroke
analysis of user information. The target is believed to be credit
card numbers. CERT estimated that as many as tens of thousands of
Web sites may be affected.

CERT said vulnerabilities in IIS and IE could include MIME- type
determination, the DHTML object model, the IE domain/zone
security model and ActiveX scripts. Alternative browsers such as
Mozilla or Netscape may not protect users, the agency warned, if
those browsers invoke ActiveX control or HTML rendering engines.

The only defense may be completely disabling scripting and
ActiveX controls.

Microsoft said earlier in the week it is working with law
enforcement officials to identify the source of the latest
Internet virus.

Copyright 2003 CMP Media


----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:

- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org

- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.


 
 
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:

- Using the UNSUBSCRIBE command in your user configuration settings at 
FreeLists.org 

- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word 
unsubscribe in the subject line.

Other related posts:

  1. Home
  2. opendtv
  3. Archive
  4. 07-2004