Communication Security: Web Based Services • Chapter 5
judgment. By attaching digital certificates to the files, a user can be nearly 100-percent sure that an ActiveX control is coming from the entity that is stated on the certificate. To prevent digital forgery, a signing authority is used in conjunction with the Authenticode process to ensure that the person or company on the certificate is legitimate.

With this type of security, a user knows that the control is reasonably authentic, and not just someone claiming to be Adobe or IBM. He or she can also be relatively sure that it is not some modification of your code (unless your Web site was broken into and your private key was somehow compromised). While all possibilities of forgery can’t be avoided, the combination is pretty effective; enough to inspire the same level of confidence a customer gets from buying “shrink wrapped” software from a store. This also acts as a mechanism for checking the integrity of the download, making sure that the transfer didn’t get corrupted along the way.

IE will check the digital signatures to make sure they are valid, and then display the authentication certificate asking the user if he or she wants to install the ActiveX control. At this point, the user is presented with two choices: accept the program and let it have complete access to the user’s PC, or reject it completely.

There are also unsigned ActiveX controls. Authors who create these have not bothered to include a digital signature verifying that they are who they say they are. The downside for a user accepting unsigned controls is that if the control does something bad to the user’s computer, he or she will not know who was responsible. By not signing your code, your program is likely to be rejected by customers who assume that you are avoiding responsibility for some reason.
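
As an added example (not from the book), the signed, tampered and unsigned cases described above can be told apart on a Windows host with PowerShell's `Get-AuthenticodeSignature`. The function name, the file extensions scanned and the default folder are assumptions made for this illustration.

```powershell
# Added example: classify ActiveX control binaries by Authenticode status.
# Assumption: controls live under the folder below; pass -ControlDir to change it.
param(
    [string]$ControlDir = "$env:SystemRoot\Downloaded Program Files"
)

# Hypothetical helper: one report row per candidate control file.
function Get-ControlSignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -Include *.ocx, *.dll, *.cab -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Verifies the embedded signature, the file hash and the certificate chain.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            $verdict = switch ([string]$sig.Status) {
                'Valid'        { 'signed; hash matches; chain trusted' }
                'NotSigned'    { 'unsigned; publisher cannot be identified' }
                'HashMismatch' { 'file changed after it was signed' }
                'NotTrusted'   { 'signed, but signer or chain is not trusted' }
                default        { "not verifiable: $($sig.StatusMessage)" }
            }

            [pscustomobject]@{
                File      = $_.Name
                Status    = $sig.Status
                Publisher = if ($cert) { $cert.Subject }  else { $null }
                Expires   = if ($cert) { $cert.NotAfter } else { $null }
                Verdict   = $verdict
            }
        }
}

# Unsigned and tampered files are the rows to review first.
Get-ControlSignatureReport -Path $ControlDir |
    Sort-Object Status, File |
    Format-Table -AutoSize -Wrap
```

A `Valid` row identifies the publisher and confirms the file is unmodified; it says nothing about what the control does once it runs.
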
Since ActiveX relies on users to make correct decisions about which programs to accept and which to reject, it comes down to whether the users trust the person or company whose signature is on the authentication certificate. Do they know enough about you to make that decision? It really becomes dangerous for them when there is some flashy program they just have to see. It is human nature to think that if the last five ActiveX controls were all fine, then the sixth one will also be fine.

Perhaps the biggest weakness of the ActiveX security model is that any control can do subtle actions on a computer, and the user would have no way of knowing. It would be very easy to get away with a control that silently transmitted confidential configuration information on a computer to a server on the Internet. These types of transgressions, while legally questionable, could be used by companies in the name of marketing research.

Technically, there have been no reported security holes in the ActiveX security implementation. In other words, no one has ever found a way to install an ActiveX