Re: Digest Number 266
Posted by
beer@s...
on 1999-12-03 09:54:41 UTC
Hans;
It was not my intention to strike any sort of nerve nor offend in any
way and if I've done so, please accept my apologies.
In answer to some of your other points.
> How in the world can someone gain access to my computer because they
> read my web page at swbell.net ?
>
It's the other way round. A computer that has an ActiveX enabled browser can
be "infected", if you will, simply by reading a web page created by a
bad person.
This is a new method of getting "infected", and it's becoming a problem
for a lot of people. We've had a real problem with it here at the
university, and have spent a LOT of time trying to rid ourselves of it.
For this reason alone, we consider using an ActiveX enabled browser to
be a bad idea, and they are prohibited on all machines used in
sensitive areas. ( Finance, for example )
The WORST variant of this problem is an ActiveX control that installs a
special version of Back Orifice. This version of Back Orifice, once
installed, sits there in the background and waits for you to connect to
the internet. Once connected, it broadcasts a message ( in the
background, of course ) saying "the computer at this IP address is
online and available to be hacked".
( Previous versions of Back Orifice required a specific port to be
scanned. We were able to detect this scanning and provide some
measure of protection for our users. This new trend in this type of
software - and there's a number of these things - is more troubling. )
Microsoft has produced, over the couple of years, literally dozens of
patches for security problems with its web browsers. If you ever want
to be seriously depressed, subscribe to Microsoft's Security
Notification service at
http://www.microsoft.com/security.
You'll be amazed at the amount of email they'll send describing
security problems THAT THEY'VE FIXED - probably averages out to 4 or 5 a
week. I believe that Microsoft is pretty good at and pretty aggressive
with these fixes. Still, one wonders how many are not fixed ...
> There are millions of web pages composed with FrontPage and I have
> tested mine with Netscape 4.5, 4.6 (two version) and 4.7 It also works
> with IE5...
However, I'll bet that in all cases, a version of IE was also
installed, supplying Netscape with some additional "help".
> If you are going to play with these high tech toys, then get the latest
> updates; if not don't complain because you can't see half of the Worlds
> web pages..
Unfortunately, not all of the world CAN use a Microsoft browser; there
ARE other OSs than the ones written in Redmond.
And it's not half the world's web pages. I spend most of my day
"surfing"; it's what I'm paid to do. <G> As such, I see a LOT of new
pages a day, every day. To date, I can only think of two sites that I'm
unable to read in some manner or other, except with an ActiveX enabled
browser.
One of these sites was a purely commercial venture and also a waste of
time, so no great loss. The other site is yours, which is decidedly NOT
a waste of time and hence the reason for my reply.
> I will not redo my web page because a small handful of people can't
> install and upgrade their browsers.
Of course not, nor would any reasonable person expect you to.
Hell, it's your web site! I think it's fabulous that you provide the
information that you do.
I would simply suggest that for your next update or your next addition,
you consider these compatibility issues.
Alan
--
Alan Rothenbush | The Spartans do not ask the number of the
Academic Computing Services | enemy, only where they are.
Simon Fraser University |
Burnaby, B.C., Canada | Agix of Sparta