MS ActiveX security holes publicly demoed

Several security problems with Windows 98 were embarrassingly exposed at a security conference earlier this week. At the 8th Usenix Security Symposium in Washington DC, Richard Smith of Pharlap Software showed how ActiveX controls designed to help technical support could be used to gain access to users' PCs. Smith has been pointing out the problem for some time, exposing it on HP machines as early as July. It would seem to bee more a case of fundamental design flaws than bugs per se, but that of course makes matters worse. Problems of this kind are likely to become more common, as computer companies increasingly use the Web for online support, remote installation and remote control, and faulty trust relationships drive a coach and four through security. Smith demoed the security holes on Compaq and HP PCs, but it's likely to be considerably more widespread than that. HP itself posted a patch for the problem on its Web site earlier this month. ®