Full Disclosure mailing list archives
Re: Question about the new Xupiter toolbar
From: "Thor Larholm" <lists.netsys.com () jscript dk>
Date: Fri, 31 Jan 2003 08:53:15 +0100
From: "Richard M. Smith" <rms () computerbytesman com>
Has anyone looked into this new Xupiter toolbar to see how it is being installed on people's computer? In particular is it using some IE security hole for the install or does it just use the standard ActiveX drive-by download mechanism?
It is a standard signed ActiveX component, you have to EXPLICITLY accept installation. It is not using any security holes for installation, and it will only auto-install if you have set your security settings to the absolute MINIMUM. The only culprit here is user stupidity. There is no such thing as a "standard ActiveX drive-by download mechanism", that term is utterly FUD. Regards Thor Larholm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Question about the new Xupiter toolbar Richard M. Smith (Jan 30)
- Re: Question about the new Xupiter toolbar Brian McWilliams (Jan 30)
- Re: Question about the new Xupiter toolbar Thor Larholm (Jan 31)
- Origin of the term "driveby download" Richard M. Smith (Jan 31)
- Re: Origin of the term "driveby download" Brian McWilliams (Jan 31)
- RE: Re: Origin of the term "driveby download" Geo (Jan 31)
- RE: Re: Origin of the term "driveby download" Brian McWilliams (Jan 31)
- RE: Origin of the term "driveby download" Richard M. Smith (Jan 31)
- Origin of the term "driveby download" Richard M. Smith (Jan 31)
- Re: Origin of the term "driveby download" Thor Larholm (Jan 31)
- Re: Origin of the term "driveby download" madsaxon (Jan 31)
- RE: Origin of the term "driveby download" Richard M. Smith (Jan 31)
- RE: Question about the new Xupiter toolbar Richard M. Smith (Jan 31)
