
Re: ActiveX controls within an Intranet Environment

Subject: Re: ActiveX controls within an Intranet Environment
Date: Fri, 26 Nov 2004 17:49:08 -0800
Hello Marian! I was in the same situation before. One of the
companies I was supporting used a proprietary ActiveX control to
handle some of their business. Unfortunately, this made weaning them
off of IE next to impossible. ActiveX in itself is inherently
insecure and should be avoided when possible, IMHO.

Eventually I was able to have them move to a Java-based solution
instead, which helped with security AND allowed cross-browser/platform
capability. Was wonderful news when it was finally implemented and
everything was working.

I never tried to do any real studies on the actual risks involved with
that particular app, although most are aware of the risks associated
with ActiveX as a whole. Just like Windows, it wasn't designed with
security in mind, but with functionality instead. Doing some quick
Google searches on "activex risks" or "activex security" should reveal
a plethora of resources and information on the topic.

--
Peac.e ~G


On Fri, 26 Nov 2004 13:48:57 +1300, Marian Fitzgerald
<marian.fitzgerald012@msd.govt.nz> wrote:
Hello all,

I am carrying out a risk assessment on an application that we are
looking to deploy internally - however there is a dependency on ActiveX
by the app. I am constantly receiving security updates on the
vulnerabilities associated with using ActiveX but would like to be able
to quantify the risks appropriately. Could you offer any input on this?

Thank you
Marian



