Feeds

MS ActiveX security holes publicly demoed

Richard Smith of Pharlap washes dirty linen in public

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Several security problems with Windows 98 were embarrassingly exposed at a security conference earlier this week. At the 8th Usenix Security Symposium in Washington DC, Richard Smith of Pharlap Software showed how ActiveX controls designed to help technical support could be used to gain access to users' PCs. Smith has been pointing out the problem for some time, exposing it on HP machines as early as July. It would seem to bee more a case of fundamental design flaws than bugs per se, but that of course makes matters worse. Problems of this kind are likely to become more common, as computer companies increasingly use the Web for online support, remote installation and remote control, and faulty trust relationships drive a coach and four through security. Smith demoed the security holes on Compaq and HP PCs, but it's likely to be considerably more widespread than that. HP itself posted a patch for the problem on its Web site earlier this month. ®

New hybrid storage solutions

More from The Register

next story
Quit drooling, fanbois - haven't you SEEN what the iPhone 6 costs?
How keen will buyers be when exposed to the real price?
Ex-Autonomy execs: HP's latest wad blows apart fraud allegations
Top bods claim IT titan's latest court filing is smoking gun of 'reckless aggression'
Forget silly privacy worries - help biometrics firms make MILLIONS
Beancounter reckons dabs-scanning tech is the next big moneypit
Elon Musk says Tesla's stock price is too high ... welp, NOT ANY MORE
As Nevada throws the SpaceX supremo a $1.25bn bone
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.