Microsoft Internet Explorer Users, beware.. Hamburg's Chaos Computer Club reported on their successful Active X/Quicken application, which can take money from users' bankaccounts without their knowing it.... The dangers of Active X have been reported by the Club in January, but until now no adequate solution for its dangers has been found...
What is Active X?
Why is Active X Dangerous?
What Did the Chaos Computer Club Do?
What Does This Mean For Your Choice of Browsers?
What is Active X?
Active X is a feature of Microsoft's Internet Explorer 4. It is essentially a method of installing software on your computer which can install items or software modifications over the Internet. ActiveX was developed for the purpose of installing elements directly to a user's desktop - it takes items and places them directly on the user's desktop, and enters your computers operating system to do so.
Why is Active X Dangerous?
Because the technology directly affects the operating system of your computer and doesn't 'stay' in a protective environment, malicious codes can be installed that can execute commands that affect the way software runs (the CCC control affected Quicken, a financial management software) or even change your security preferences. Today the CCC suggested that Active X would allow malicious programmers to break down security barriers (firewalls) from inside the system - essentially bypassing the most coveted standard in computing security today.
What Did the Chaos Computer Club Do?
For a full report, see http://www.iks-jena.de/mitarb/lutz/security/activex.en.html!
The CCC made an ActiveX application that affected the way the software program Quicken runs on a user's computer. If
made available on a web site, the control could install itself on a user's computer and covertly check to see whether the popular personal-finance software package Quicken is installed. Once Quicken is run to transfer money from a bank account, the ActiveX control makes the user transfer DM20.- too much form their account. Neither the bank, nor the user, nor Microsoft, nor the developers of Quicken could do anything to prevent this.
What Does This Mean For Your Choice of Browsers?
"Microsoft has a system that lets software publishers stamp different programs so computer uses know they can trust them and avoid such problems, said it will begin a security awareness campaign during the next two weeks", TechWire reported on February 8. Today is August 9 - but no successful solution to the problem has been found yet. The CCC recommends that you don't use IE4, or if you do, disable ActiveX until a truly secure solution is found...
Logo developed by CCC to point out the dangers of ActiveX controls...
|