Posted by TC on 09/12/06 18:37
Andy Dingley wrote:
> TC wrote:
>
> > 1. The change increases the default security of the Local Zone. I think
> > that's a good idea.
>
> You get to write to my filesystem, I'm 0wned already.

No, that depends on what I can write, and where I can write it. I can't
own your PC by writing text files to the TEMP directory.

MOTW relates specifically to content written by browsers (possibly
running under restricted accounts) to the places that browsers can
actually write to. That is the context in which to discuss it. *All*
security mechanisms become irrelevant if the attacker can write
anything to anywhere.

> > 2. It is not a "mystical incantation". It is clearly documented in MSDN:
>
> That's the point. Here's a security measure that's well-intentioned, if
> somewhat weak. Then they've publicly written down how to make a key
> to unlock it.

Unlock what?

Go to groups.google.com. View the first few lines of the source
(without saving it). Now File : SaveAs the page, and look at the saved
source. You'll see that *IE itself* has added the MOTW. Run the saved
file locally - all is good. Now remove the MOTW, and run it again -
you'll get the active content warning.

Adding the MOTW has not "unlocked" anything. It has not let the page do
anything that it couldn't do before. It has not magically elevated the
page above the Internet Zone permissions.

TC (MVP MSAccess)
http://tc2.atspace.com
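
An added example, not part of the original post: a small Python parser for the mark the post describes, useful for checking which saved pages carry it and whether it is well formed. It assumes the `<!-- saved from url=(NNNN)URL -->` form, with NNNN the zero-padded character count of the URL; the function names and the sample page are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed mark format (the MSDN-documented comment the post refers to):
#   <!-- saved from url=(NNNN)URL -->
# NNNN is the zero-padded character count of URL.
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S*?)\s*-->", re.I)


class Motw(NamedTuple):
    url: str
    declared_len: int
    length_ok: bool  # True when NNNN equals len(url)


def make_motw(url: str) -> str:
    """Build the comment for url (what the post sees IE add on Save As)."""
    if not 0 < len(url) <= 9999:
        raise ValueError("URL length must fit the 4-digit field")
    return f"<!-- saved from url=({len(url):04d}){url} -->"


def find_motw(html: str) -> Optional[Motw]:
    """Return the first mark found in html, or None if the page has none."""
    m = MOTW_RE.search(html)
    if m is None:
        return None
    declared, url = int(m.group(1)), m.group(2)
    return Motw(url, declared, declared == len(url))


def triage(html: str) -> str:
    """Classify a saved page by its mark."""
    mark = find_motw(html)
    if mark is None:
        return "no-mark"          # the case where the post gets the warning
    if not mark.length_ok:
        return "malformed-mark"   # length field disagrees with the URL
    return "marked:" + mark.url


# Constructed sample: a page saved from the site named in the post.
SAVED = make_motw("http://groups.google.com/") + "\r\n<html><body>hi</body></html>"
STRIPPED = SAVED.split("\r\n", 1)[1]            # same page, mark removed
TAMPERED = SAVED.replace("(0025)", "(0099)")    # wrong length field

if __name__ == "__main__":
    for name, page in [("saved", SAVED), ("stripped", STRIPPED), ("tampered", TAMPERED)]:
        print(name, "->", triage(page))
```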