Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse/Social Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 12-21-2003, 11:06 PM
Devine9 Devine9 is offline
Join Date: Dec 2002
Posts: 180

Ah, well welcome to the site. I'm sure we'll have many interesting conversations in the future. It's good to see a new face? ;)

Now for your question. I've found, at least throughout my years with programming, that on the web there is a great amount of tricks that you can perform upon users coming to a website. The problem lies in the fact that there are VERY few people in the world who can really code activex that is worth a shit. Me not being one of these people. Unfortunately I can't comment for sure on whether there is definitely possibilities within the activex environment, but there is most definitely a lot of information that the activex can gather that would be considered uncomfortable for the user.

Your email password: No I do no believe that there is any way in which the website would be able to simply grab your email password. There is though, many ways in which they could do it via a trojan horse application. In this scenario however, there is a major risk factor in that if a user's virus scanner detects such an occurance, that there is a big chance that the user will track the problem back to the site and notify the authorities of the incident. So this somewhat removes this potential problem.

In addition to this i'd like to clear up the misconceptions on your post in the way of scripting engines. Indeed there are quite a few scripting engines that can be installed on your system in order for system scripting to occur. These scripting engines, aside from javascript and other small visual browser script solutions, are run via server side, not client side. So in other words, there is no chance of remote execution of source code on a system due to just a compiler being installed. For example, if i install vc++, a website can not compile/execute vc++ code on my system through a web browsing scenario, and the same is true for perl/ tcl/tk /python/asp/jsp/php/etc..

Again, it's my understanding that there is only really the possiblity of uncomfortable data being accessed during execution of activex objects as they run client side, however i'm not an activex guru.

+Greythorne for one, i'm sure has more information for this topic, lets hope he stops by.


Devine Right
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.