MS ActiveX security holes publicly demoed
Richard Smith of Pharlap washes dirty linen in public
Posted in Business, 27th August 1999 08:46 GMT
Increase your knowledge of the latest threats to your busines
Several security problems with Windows 98 were embarrassingly exposed at a security conference earlier this week. At the 8th Usenix Security Symposium in Washington DC, Richard Smith of Pharlap Software showed how ActiveX controls designed to help technical support could be used to gain access to users' PCs. Smith has been pointing out the problem for some time, exposing it on HP machines as early as July. It would seem to bee more a case of fundamental design flaws than bugs per se, but that of course makes matters worse. Problems of this kind are likely to become more common, as computer companies increasingly use the Web for online support, remote installation and remote control, and faulty trust relationships drive a coach and four through security. Smith demoed the security holes on Compaq and HP PCs, but it's likely to be considerably more widespread than that. HP itself posted a patch for the problem on its Web site earlier this month. ®
See what The Register's experts have to say on application security


The future of SaaS and IT infrastructure management
The Total Economic Impact of Dell's PC products and services
The best practices guide for application security
Reducing messaging and web security costs with managed services

Win a Samsung C6625!
Is your cameraphone an oxymoron?
Reg Mobile and Wireless newsletter is go! go! go!
Sign up, sign up for The Register IT security newsletter