lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <003201c2c8fd$cf95b050$858370d4@wks.jubii.dk>
From: lists.netsys.com at jscript.dk (Thor Larholm)
Subject: Question about the new Xupiter toolbar

From: "Richard M. Smith" <rms@...puterbytesman.com>
> Has anyone looked into this new Xupiter toolbar to see how it is being
> installed on people's computer?  In particular is it using some IE
> security hole for the install or does it just use the standard ActiveX
> drive-by download mechanism?

It is a standard signed ActiveX component, you have to EXPLICITLY accept
installation. It is not using any security holes for installation, and it
will only auto-install if you have set your security settings to the
absolute MINIMUM. The only culprit here is user stupidity.

There is no such thing as a "standard ActiveX drive-by download mechanism",
that term is utterly FUD.

Regards
Thor Larholm

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ