ActiveX

or how to put nuclear bombs in web pages

[ Apropos | ActiveX and Exploder | In the News | Using Exploder | Download Exploder | Contacting the Author | Exploder FAQ | Your Comments ]

I am often available for contract software engineering work. If you need someone for Win32, ActiveX, CGI or Java, please have a look at my resume.

Apropos

Are you looking for a team excelling in development of ActiveX, Java, UNIX or Windows software? Apropos Incorporated has the solution. Contact us at http://www.accessone.com/apropos or send mail to apropos@accessone.com.

ActiveX and Exploder

Active X is often referred to as OLE renamed. What does this mean? Any Active X control downloaded over the web might be a trojan or virus. Be careful!

In response to all of the e-mail being sent about this control, I've created a Frequently Asked Questions (FAQ) page. You can find it at http://www.halcyon.com/ActiveX/Exploder/FAQ.htm. Please read it if you have questions, or try asking them in the discussion area.

Exploder Image
Exploder, Fred's non-violent demonstration of Active X.

Exploder is an Active X control which demonstrates security problems with Microsoft's Internet Explorer. Exploder performs a clean shutdown of Win95 and will turn off the power on machines that have a power conservation BIOS (green machines).

Click on the "Boom" image above for a demonstration.

In the News

Publications Mentioning Exploder

Exploder has been mentioned in more publications then I can recall at this point. If you know of any that are not on this list, send me a mail message about it. Thank you!

Electronic Engineering Times, October 07, 1996
Navigator 'e-mail bomb' bug uncovered

Computer Reseller News, September 16, 1996
Security fears dog Explorer -- VARs question ActiveX integrity, advise caution

Computer Reseller News, September 16, 1996
MCLAIN'S CRUSADE: Consultant sets out to prove technology's faults -- Microsoft's ActiveX: Dangerous Technology?

Electronic Engineering Times, September 09, 1996
Browse this!

Electronic Engineering Times, August 19, 1996
Web-browser battle brews over security

Computer World, August 19, 1996
Microsoft Trips On Web

Packet: Simson Garfinkel - Technology
Deadly Controls

Byte Magazine, November 1996
Byte's Bugs

Dr. Dobb's Sourcebook, January/February 1997

Wired Magazine, Febuary 1997
X Marks the Spot (page 45)

Information Week, Febuary 3, 1997

Information Week, Febuary 10, 1997

Morgunbladid Daily (Iceland), Febuary 13, 1997
Váskeytt er far flásu Tölvur

iX Multiuser-Multitasking-Magazin (Germany), Febuary, 1997
Pages 108-111

NetGuide Magazine, March 1997

Information Week, ? 1997

Exploder has also been mentioned in The Melbourne Morning Tribune, Developers from Brasil, and some papers in Holland, Germany, and Japan. I do not have the publication dates for these. If you know which issues Exploder was mentioned in, please send me a mail message about it. Thanks!

Other older news of note

As of August 23rd Exploder is now a "signed" control using Microsoft's Authenticode technology. This effectivly addesses Microsoft's rebuttal to my claims of a security hole in their implementation of ActiveX.

Exploder is in the news! The week of August 19 th, Exploder made the front page of Electronic Engineering Times. I was also qouted in ComputerWorld (and still haven't seen the artical), and Exploder was mentioned in PC Week. Microsoft has also put up a page on it under "Customer Security Concerns" at http://microsoft.com/intdev/security/. You can see the EE Times artical at http://www.activextra.com/news/news.cgi/news1_0819.html.

Using Exploder

To use Exploder on a page, you can use the following HTML in your page. Be sure you have already placed Exploder.ocx in the same directory. 

<A HREF="http://www.halcyon.com/mclain/ActiveX">
<OBJECT ID="Exploder1" WIDTH=86 HEIGHT=31
 CODEBASE="Exploder.ocx"
 CLASSID="CLSID:DE70D9E3-C55A-11CF-8E43-780C02C10128">
    <PARAM NAME="_Version" VALUE="65536">
    <PARAM NAME="_ExtentX" VALUE="2646">
    <PARAM NAME="_ExtentY" VALUE="1323">
    <PARAM NAME="_StockProps" VALUE="0">
Exploder Control!</OBJECT></A>

Download Exploder

Download Exploder

Right click on the HREF above and use "Save Link As..." in Netscape, or "Save Target As..." in Internet Explorer to download Exploder.ocx. Please read the FAQ first!

Download Exploder's source code. Requires VC++ 4.0 or later. Self extracting EXE file.

For another sample of Fred's toying with the dangers of ActiveX, check out Runner, an example of how a hidden ActiveX control can run programs on your computer.

Contacting the Author

I love fan mail, but seldom respond to it. Please read the FAQ first, it may answer your questions. If it doesn't, try asking them in the guestbook.

Fred McLain
mclain@halcyon.com
[ Apropos | ActiveX and Exploder | In the News | Using Exploder | Download Exploder | Contacting the Author | Exploder FAQ | Your Comments ]

All trademarks on this page are the property of their respective owners.

Copyright © 1996, 1997 Fred McLain
Most recent revision Febuary 18th, 1997

Accesses to this page since July 16th 1996