Re: (no subject)

[Nick FitzGerald <nick () virus-l demon co uk>]

Muhstik Botha <muhstik () yahoo com> wrote:

> I just accessed a page which ejects my CD-ROM tray. Is this
> consider privacy or security breaching? I'm no expert on pertinent
> subject. For me, i don't like ppl be able to fool around with my
> CDROM tray when i open their website. Any comments? Thanks.
>
> I checked the site and it contains :
<<snip>>

It is only a security or privacy breach to the extent that you allow 
your browser to run arbitrary scripts that can access the ActiveX 
controls (i.e. potentially arbitrary programs) you allow to be 
installed and enabled on your machine and to which whoever writes 
those ActiveX controls allows them to do more than their 
documentation, etc suggests they will.

As the ActiveX control in question here was written by Microsoft and 
as Microsoft has a very poor track record of comprehending the real 
world's security and privacy sensitivities, I'd say that arbitrary 
script being able to control your CD drive tray control via ActiveX 
would be within the "expected par for the course".

Of course, whether it "should be" thus is another matter altogether.
For the answer to that, perhaps you should direct your question to 
Bill's latest large-scale marketing and PR team running a campaign 
known as "Trustworthy Computing"...


Regards,

Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html