On Tue, 08 Apr 2008 04:24:05 +0100, Roy Schestowitz wrote:
> New Attack Kit Targets Bag of ActiveX Bugs
>
> ,----[ Quote ]
>| Bugs in ActiveX, a Microsoft technology used most often to create add-ons for
>| the company's Internet Explorer (IE) browser, have always been common, but so
>| many serious flaws have been disclosed of late that some security experts
>| have recommended users do without them.
> `----
>
> http://www.pcworld.com/article/id,144214-pg,1/article.html
This is complete bullshit.
The flaws are in valid plug-ins. These plug-ins would exist no matter what
plug-in technology was used. The vulnerabilities are not in ActiveX
itself, but the controls that use ActiveX.
If ActiveX didn't exist, the makers of these controls would simply use
Netscape plug-in API's, or whatever plug-in API was available.
This reporter needs to learn a little bit more about what he's reporting
on.
|
|
