Security 101

by Matt 9. January 2007 03:55

This just beggars belief. Acer appears to have sold computers with a pre-installed ActiveX control that allows any web site to run any executable on your machine with any command line arguments.

Now, I'm no security expert. But working for an internet bank you do pick a few things up. Probably by osmosis. So, I'm going to take a gamble here and state that I think this is a Really Bad Thing.

If this had been Joe Random Programmer posting some example code on his blog, then I could forgive them. A sternly worded comment could point out the error of their ways.

But a corporation has no excuse. Someone must have requested this feature, someone must have specced it, someone built it and someone tested it. And none of them noticed the glaringly large security hole?

And Slashdot ran this story on the same day they ran a story entitled "What Makes Software Development So Hard?". With news like this Acer thing, I reckon we need to make Software Development harder, and get a bit of old Darwinian magic in to fix this...

Tags:

Comments (3) -

LAURENCE  Debora
LAURENCE Debora
5/29/2011 10:49:28 AM #

Rien que des annuaires de qualité sur annuaires-gratuit.com, vos commentaire svp ?.

Reply

best suv 2011
best suv 2011
7/20/2011 10:37:11 PM #

Hi, just required you to know I he added your website to my Google bookmarks due to your layout. But seriously, I consider your net web-site has 1 in the freshest theme I??ve came across. It extremely helps make studying your blogging site significantly easier.

Reply

AC Installation Pompano
AC Installation Pompano
10/7/2011 6:08:26 AM #

Since it's asking to post a comment on the bottom here, I thought I'd write something to be more helpful.  I've been having my AVG come up with "Threat name: Exploit Blackhole Exploit Kit" on a lot of blogs this week.  Please double-check the permissions on your blog to make sure that everything is secure.  Google "WordPress write permissions" and make sure you've done everything on that list.

Reply

Add comment

biuquote
  • Comment
  • Preview
Loading

Month List

RecentComments

Comment RSS