[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index] [Thread Index]
[Monthly Archives] [List Home]

Re: [Virtools] Deploy building block with webplayer?

> link with "format c:\" and you just made a virus : - (
>
> I don't think any Dll should be downloadable on the user computer
> without some way to ensure it is harmless,
>
> Just a thought..
>
> +Romain
[snippety for brevity]

Well, I can do that already with ActiveX and/or a fake webplayer plugin.
I still would be able to do that with the behavioral server.
Putting a virus on someone's harddisk isn't a difficult thing to do; I do a
lot of Security Audits for companies, and I can tell you, it is possible to
do
just about anything through IE.

The point is not that it can not be done (a malicious mp3 file inside the
vmo
already accomplishes this) in a 'not so friendly' way, but that the whole
idea of making bb's available is useless unless you fork down lots of cash
for a behavioral server.

Adding a signing method and a warning issue like java or activex is not
very hard.

I suspect a more protectionistic aproach towards the business of virtools,
rather than the noble thought of protecting the user.

And even if it were, I do not think that a Development Platform(!) company
should tell developers how to go about security issues.
But talking about development and security issues is off-topic, to me at
least.

Regards,
             Adrianus Warmenhoven


...............................................................
Distributed via the virtools-user-group list: http://www.theswapmeet.com/numl.html
To reply to the list instead of its author, use "Reply to All"
To unsubscribe: send "unsubscribe virtools-user-group" to Majordomo@lists.theswapmeet.com
To subscribe: send "subscribe virtools-user-group" to Majordomo@lists.theswapmeet.com
To post a message: send it to virtools-user-group@lists.theswapmeet.com
...............................................................
Follow-Ups: References: