Full Disclosure mailing list archives

Re: Question about the new Xupiter toolbar


From: "Thor Larholm" <lists.netsys.com () jscript dk>
Date: Fri, 31 Jan 2003 08:53:15 +0100

From: "Richard M. Smith" <rms () computerbytesman com>
Has anyone looked into this new Xupiter toolbar to see how it is being
installed on people's computer?  In particular is it using some IE
security hole for the install or does it just use the standard ActiveX
drive-by download mechanism?

It is a standard signed ActiveX component, you have to EXPLICITLY accept
installation. It is not using any security holes for installation, and it
will only auto-install if you have set your security settings to the
absolute MINIMUM. The only culprit here is user stupidity.

There is no such thing as a "standard ActiveX drive-by download mechanism",
that term is utterly FUD.

Regards
Thor Larholm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: