Re: [Full-Disclosure] Question about the new Xupiter toolbar

From: Thor Larholm (lists.netsys.com@jscript.dk)
Date: 01/31/03

    From: "Thor Larholm" <lists.netsys.com@jscript.dk>
    To: "Richard M. Smith" <rms@computerbytesman.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 31 Jan 2003 08:53:15 +0100
    

    From: "Richard M. Smith" <rms@computerbytesman.com>
    > Has anyone looked into this new Xupiter toolbar to see how it is being
    > installed on people's computer? In particular is it using some IE
    > security hole for the install or does it just use the standard ActiveX
    > drive-by download mechanism?

    It is a standard signed ActiveX component, you have to EXPLICITLY accept
    installation. It is not using any security holes for installation, and it
    will only auto-install if you have set your security settings to the
    absolute MINIMUM. The only culprit here is user stupidity.

    There is no such thing as a "standard ActiveX drive-by download mechanism",
    that term is utterly FUD.

    Regards
    Thor Larholm

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


