How can attackers use ActiveX to modify resources on an implementation of Windows?
What will be an ideal response?
Attackers can use ActiveX to modify resources on an implementation of Windows in three ways. The first method is direct commands. An attacker specifies certain commands that the compromised ActiveX control executes upon download, such as editing the executable PATH or deleting/replacing a specific file. The second method is indirect attack, such as editing the preferences of Internet Explorer to make an unsafe site of the attacker's choice appear in the Trusted Sites list in Internet Options; or to change the default search engine to one of the attacker's choice; or, perhaps, to disable personal firewall software. These two attack modalities can be defeated by setting the security and privacy controls to disallow unsafe ActiveX behavior or unsigned components.?A third way is deceiving the browser security checks to indicate that an ActiveX control is secure.
You might also like to view...
You use a(n) ________ to display an image on a form.
A. Picture box B. Form box C. Image box D. Object box
You are examing a Linux box with multiple email accounts configured. You know which of the accounts holds the message you seek and you even have a few key words that you know are contained in the message. Which of the following utilities will you use to find those messages?
a. STRINGS b. SU c. BIND d. GREP