Open Source and information security mailing list archives
Message-ID: <5.0.0.25.2.20030131100941.02013eb0@pop3.direcway.com>
From: madsaxon at direcway.com (madsaxon)
Subject: Origin of the term "driveby download"

At 04:29 PM 1/31/03 +0100, Thor Larholm wrote:

>Because of this FUD term, articles such as
>http://wired.com/news/infostructure/0,1377,57467,00.html have sentences like
>this:
>
>"And the toolbar will install itself automatically when Internet Explorer's
>security settings aren't set to the highest level."
>
>As we all know (if you didn't know, then now you do), signed ActiveX
>components require explicit user consent before installing - on anything
>except the very MINIMUM security settings. The default settings, heck even
>lowered settings above the minimum (there are 4 default levels of settings),
>will ask for explicit consent.

I haven't tried to verify this myself, but some folks over on Slashdot are
claiming that earlier versions of IE bundled with 98 and ME are vulnerable
to downloads without user intervention.  I don't use IE for anything, so I
haven't really followed its tortuous bug trail very closely. There have
also been some people who claim that they've visited sites that gave them a
"Xupiter plugin is necessary to view this site" message.

Of course, updating your browser and refusing to download plugins whose
function you aren't sure of would obviate these issues, but we all know
that some people are less likely to take these steps than others, for a
variety of reasons.  Calling them "stupid" may make us feel superior, but it
doesn't make any progress toward solving the problem. When stupid people
download malicious code that gums up the Internet, we all suffer.

Overall, I can't help but think that Xupiter is sleaze at its worst.

m5x

