|
Posted by Lionel Fourquaux on January 6, 2006, 10:51 am
If you were Registered and logged in, you could reply and use other advanced thread options
Calm down, you have missed one important point.
1136503284.463479.81000@f14g2000cwb.googlegroups.com...
>And had to delete alot of these off my machine
I've a few of them on mine, too, and they are not viruses. I even wrote some
of them, since they are pretty handy for scripting.
> Just imagine - a simple hacker can use these files BEHIND THE scenes on
> a FLASH website (since flash can run web pages in the background - or
> use new window feature on some server). I mean you can even get user
> name and passwords to secrure websites JUSt by reading the cookies of
> one's machine and saving it to a XML file on your server...
No, they can't. HTA are executable files, handled much in the same way EXE
files are. You can think of them as a kind of program, with a graphical
interface designed as an HTML page. For the system, they *are* programs.
Your hypothetic hacker would face exactly the same blocks preventing the
execution of HTA files as for binary programs (and hopefully arbitrary
remote execution of binary programs is blocked).
> Has microsoft COMPLETELY lost their mind in enabling this application
> ability?
No, they don't, and they provided a very useful tool for writing scripts
with a user-friendly interface.
By the way, did you know that the control pannel user accounts management
tool uses HTML for its graphical interface? This is the same idea. HTML can
be useful for much more than web pages.
| 
XML site map