| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: (no subject) Muhstik Botha <muhstik@...oo.com> wrote: > I just accessed a page which ejects my CD-ROM tray. Is this > consider privacy or security breaching? I'm no expert on pertinent > subject. For me, i don't like ppl be able to fool around with my > CDROM tray when i open their website. Any comments? Thanks. > > I checked the site and it contains : <<snip>> It is only a security or privacy breach to the extent that you allow your browser to run arbitrary scripts that can access the ActiveX controls (i.e. potentially arbitrary programs) you allow to be installed and enabled on your machine and to which whoever writes those ActiveX controls allows them to do more than their documentation, etc suggests they will. As the ActiveX control in question here was written by Microsoft and as Microsoft has a very poor track record of comprehending the real world's security and privacy sensitivities, I'd say that arbitrary script being able to control your CD drive tray control via ActiveX would be within the "expected par for the course". Of course, whether it "should be" thus is another matter altogether. For the answer to that, perhaps you should direct your question to Bill's latest large-scale marketing and PR team running a campaign known as "Trustworthy Computing"... Regards, Nick FitzGerald
Powered by blists - more mailing lists