ActiveX and malicious code

  • Question

  • Hello Everyone,

    It came to my attention that a lot of malicious code on the net usually resolves into ActiveX, permission-less controls, through Internet Explorer's Internet Options now.

    I have seen several tactics, not always involving needing to go to a malicious site, but only a session into site(s) that have active content, such as Adobe Flash, XML refresh states, and RSS feeds. A part with cookies, many attacks involve using basic HTML, sending a cookie, and queuing up the ActiveX modules with pattern packet methods and IP duplicating. By those trends, the attacker can start sending packets to the ActiveX module, gaining access into a system that has non-strict settings.

    In times like now it is very crucial for expanding businesses to have high-profile web domains, but it is very important to keep anyone who uses their site, or any site, safe from online attacks. ActiveX is by far the most used, most compatible content on the web. Microsoft should fortify their browsers' interactions, just for a more sophisticated integrity with the net.

    Windows 7 is amazing and heading in a great direction; the core alone on the platform is remarkable, and impenetrable. Internet Explorer still has some weak points, ActiveX's cache being one.

    I think Internet Explorer should have all of its cache recalibrated. Basically, if the ActiveX content is encrypted, or broken off into IE compressed cache, this would eliminate the ability of queuing the file or contents. The attacker usually will spoof their IP address and duplicate packets to get synchronization with cached temp files, and if the file is unreachable the attacker couldn't get any sort of data back. All of that would really just be a matter of data buffering, not allowing inbound link-ups to spoof the temp file location while not in use.

    Perhaps the webpage could just only buffer as linked up, or what I mean is, the page could only send data, back and forth, while the page is in view. That would eliminate any type of other exchange happening from streaming feeds.

    Page transition, as refreshed, is what can give that moment for an attacker to breach a system, but if the browser could send another queue instead of actively receiving files from a domain, that would also cut off any attacker that is spoofing their IP and trying to establish a connection with active content in a user's system.

    Data refreshing is what basically allows that exploit in ActiveX, but if Internet Explorer is doing the negotiation queue of content, that would eliminate anything that is in use trying to attach to any other inbound streams.

    If Internet Explorer is the controller of the content that comes to a computer, Internet Explorer needs to control the cache connections. Internet Explorer should session the queue, instead of just allowing any feed from the website to connect. Then Internet Explorer would actually be harnessing data flow.

    • Moved by sudarshans1 Wednesday, March 3, 2010 3:36 AM Moving from TechNet Online: Future Plans Forum, please move or answer as necessary (From:TechNet Online: Future Plans)
    Thursday, March 12, 2009 3:40 AM