Security Symposium '99 - August 23-26, 1999 - Marriott, Washington, D.C., USA

Invited Talks — Wednesday, August 25

The Burglar Alarm Builder's Toolbox

Marcus Ranum, CEO, Network Flight Recorder, Inc.
When you're protecting your site, don't ignore the home court advantage! One of the best ways to detect attackers is by instrumenting your system with unexpected booby traps and alarm bells. Make your system or network into a virtual minefield for hackers to play in. I will present a few useful tools and sick, twisted ideas for building burglar alarms.

ActiveX Insecurities

Richard M. Smith, President, Phar Lap Software, Inc.
Microsoft's ActiveX technology in the Internet Explorer browser is enough to give any person concerned about computer security the willies. Here we have binary executables being automatically downloaded and run by Web pages right past most firewalls. ActiveX controls do not execute in any sort of security sandbox and have complete access to a computer. Microsoft offers us their Authenticode technology to protect us from people creating malicious controls. So far, it's not hackers but major hardware and software vendors such as Microsoft, HP, Compaq, and MSNBC who have created clever methods of delivering questionable ActiveX controls and finding backdoors into Authenticode. Richard will describe Authenticode's inner workings. He'll demonstrate many of the problems he has found with different vendors' ActiveX controls and will show how these controls can be easily misused by anyone. He will also offer some potential solutions to problems created by ActiveX controls and weaknesses in the design of Authenticode.


First posted: May 1999
Last changed: 3 Sept. 1999 jr
