sharpy merc
join:2003-01-28
England
1 edit | reply to La Luna
Re: Acer puts Active X hole on laptops
said by La Luna  :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place!
Kinda like "oops we forgot...Sorry people our bad."
more like " Oh crap we got caught!" |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| said by sharpy merc :said by La Luna :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it. It was just being installed for no reason other than to serve as a possible vector for disastrous abuse. 
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
 ·Optimum Online
 ·Vonage
| reply to sharpy merc
said by sharpy merc :said by La Luna :I'm glad they at least patched this pretty quickly, once they were alerted to it. What do you mean alerted to it. They put it on the bloody thing in the first place! Kinda like "oops we forgot...Sorry people our bad." more like " Oh crap we got caught!" Tinfoil anyone?
Please read the article. 
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
FiL
Premium
join:2005-08-16
Silver Spring, MD
1 edit | reply to Name Game
stupid Acer... |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | reply to vircotto
said by javaMan :...I think in reading about it there was a note somewhere that mentioned that it wasn't even being used anymore and apparently no one had bothered to follow up and remove it.... Yes, that's my take on this.
I really don't think there was any malicious intent way back when this poorly designed 'feature' was implemented, and it just sort of slipped through the cracks over the years.
In fact, it may have actually been thought useful or even 'innovative' at the time. 
(I don't recall too many people preaching about the dangers of ActiveX back then).
As shown, this has apparently been around since at least 1998 or earlier...10 or more years ago, yet it is only just now circulating around the web.
With a security hole as big as this one, you can be sure we would have heard of some serious problems (and a fix) long before now, had anyone been aware of it.
Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun.
--
I had a life once.....now I have a Computer and a Modem. |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| said by jabarnut :. . . Of course, now that it *is* well known, I sure hope everyone is able to patch their machines before the 'bad guys' (who also know about it now), start having some fun. LOL That was exactly my thought when I first read the article.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs: 
| reply to vircotto
Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX 
--
UbuntuForums Administrator: try Ubuntu Linux |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| said by jdong :Someone posted on Digg a counter-attack that uses the exploit to unregister the exploitable ActiveX OCX How ironic.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs: | reply to vircotto
Ahh well, all patched.
Now I can sleep tonight.  |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs: | reply to vircotto
Patched here without a problem as well. |
|
dancy70
Premium
join:2005-01-29
Hudson, FL
 ·Verizon Online DSL
| reply to vircotto
I have an Acer Aspire 3000 series as a 2nd laptop and, sure enough, LunchApp was there. It tried to get the fix from Acer, but the site was really bogged down, or something, but the recommendation in one of the links listed on this board to deactivate the control by going to Tools - Internet Options - Programs - Manage Add-ons worked nicely. Since I use FF on all of my computers and use IE only for updates, it probably would have gone unnoticed for a few more years (I have had the computer now for over a year) but for this board.
It is interesting that a search for LunchApp, LApp, etc., even using the additional "fuzzy" options presented by Acer returned no documents
TKU - Dan |
|
