Forum latest

Be prepared: ActiveX attacks will persist
General
Written by Daniel   
Tuesday, 19 February 2008 12:22

 Flaws in the technology, poor development practice, and a large user base add up to big risks

By Matt Hines
February 19, 2008
InfoWorld

A recent string of high-profile ActiveX vulnerabilities caused the U.S. Computer Emergency Readiness Team (US-CERT) to advise users to disable the ubiquitous Microsoft browser plug-in technology altogether. The vectors for these recent exploits include a third-party image uploading tool used on both the Facebook and MySpace social networking sites, and flaws found in Yahoo's Music Jukebox, Real Networks' RealPlayer, and Apple's QuickTime.

"We're seeing an increase in exploits aimed at these types of tools that are commonly used with a variety of technologies including social networking sites and multimedia players. As online crime becomes more prominent, malicious actors are taking advantage of these types of vulnerabilities to accomplish their objectives," said a spokesman at the U.S. Department of Homeland Security, which oversees the US-CERT.

Security experts contend that there's no end in sight for attacks on the plug-in architecture.

One reason is that there are plenty of security holes in ActiveX to be exploited. But another reason is not Microsoft's fault, they say: any technology used so widely will attract hacker attacks. "There's simply a lot of software out there using ActiveX that's either preloaded or embedded that users don't even realize is there, and that's why it was necessary to make the advisory," the US-CERT spokesman said...  [InfoWorld...]  [Comments...]
 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either