Full Disclosure mailing list archives
Re: (no subject)
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 23 Jun 2003 23:32:05 +1300
Muhstik Botha <muhstik () yahoo com> wrote:
I just accessed a page which ejects my CD-ROM tray. Is this consider privacy or security breaching? I'm no expert on pertinent subject. For me, i don't like ppl be able to fool around with my CDROM tray when i open their website. Any comments? Thanks. I checked the site and it contains :
<<snip>> It is only a security or privacy breach to the extent that you allow your browser to run arbitrary scripts that can access the ActiveX controls (i.e. potentially arbitrary programs) you allow to be installed and enabled on your machine and to which whoever writes those ActiveX controls allows them to do more than their documentation, etc suggests they will. As the ActiveX control in question here was written by Microsoft and as Microsoft has a very poor track record of comprehending the real world's security and privacy sensitivities, I'd say that arbitrary script being able to control your CD drive tray control via ActiveX would be within the "expected par for the course". Of course, whether it "should be" thus is another matter altogether. For the answer to that, perhaps you should direct your question to Bill's latest large-scale marketing and PR team running a campaign known as "Trustworthy Computing"... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- (no subject) cyn0n (Jun 18)
- Re: (no subject) Blue Boar (Jun 18)
- <Possible follow-ups>
- (no subject) Simon Lorentsen (Jun 18)
- (no subject) Muhstik Botha (Jun 22)
- Re: (no subject) morning_wood (Jun 22)
- Re: (no subject) Nick FitzGerald (Jun 23)
- Re: (no subject) petard (Jun 23)
- (no subject) ATD (Jun 27)
- RE: (no subject) Schmehl, Paul L (Jun 27)