This recent news story touches on a long-standing problem: Attackers zero in on Yahoo Jukebox’s ActiveX flaw | InfoWorld | News | 2008-02-06 | By Robert McMillan, IDG News Service

The fact is, writing secure ActiveX controls is an art, not a science. To succeed, a software developer has to look beyond the intended purposes of the interfaces, to other purposes for which they might be used. Say, for instance, that I wrote an interface to upload files to a site, intended to be run on a well-known safe site. If I had written it in a broad way so that it could be used to silently upload any file to any site, then a malicious site could detect the control and use it to upload Quicken files to steal people’s financial information.

One safeguard is to be noisy about what you’re doing. My ActiveX controls pop up simple OK/Cancel permission dialogs the first time they are invoked in a browser session; the dialogs say what they are going to do and what sites they were intended to work on. That’s simple, and only mildly annoying. Of course, users tend to get jaded and accept such dialogs without thinking, but darkening the screen and sounding the klaxon horn of doom probably won’t help in the long term.

Another safeguard is to actually check the site currently in use. That’s a little harder, but it’s possible. Internet Explorer supports a service called IWebBrowser2, which has a method called get_LocationURL.
This returns the URL of the calling page as a BSTR, and you can then use InternetCrackUrl from the wininet library to extract the domain and see if it’s on your white list of safe or licensed domains.

A third safeguard is to restrict the functionality of the interface. Perhaps I want the control to upload images. If that’s the case, I could restrict the file types it will upload to .GIF, .JPG, .PNG, and .TIFF. The control could also double check that the files were valid before uploading them: there’s a reason that .TIFF files all have the number 42 in a specific place. And yes, 42 is the answer to “life, the universe, and everything.”

Do you write ActiveX controls? If so, how do you protect them from malicious use? If you write Flash controls, how do you protect them?
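The third safeguard described above, as an added example that is not code from the original post or from any shipping control: a portable C++ check that accepts a file only when its extension is one of the four listed and its leading bytes match that format, including the TIFF byte-order mark followed by 42. The function names and the sample byte strings are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

enum class ImageKind { None, Gif, Jpeg, Png, Tiff };
using Bytes = std::vector<uint8_t>;

// Map the file name's extension (case-insensitive) to the type it claims to be.
ImageKind kindFromExtension(const std::string& name) {
    size_t dot = name.rfind('.');
    if (dot == std::string::npos) return ImageKind::None;
    std::string ext = name.substr(dot + 1);
    std::transform(ext.begin(), ext.end(), ext.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (ext == "gif")  return ImageKind::Gif;
    if (ext == "jpg")  return ImageKind::Jpeg;
    if (ext == "png")  return ImageKind::Png;
    if (ext == "tiff") return ImageKind::Tiff;
    return ImageKind::None;  // anything else is never uploaded
}

// Identify the type from the signature bytes at the start of the content.
ImageKind kindFromHeader(const Bytes& b) {
    auto starts = [&](const char* sig, size_t n) {
        return b.size() >= n && std::memcmp(b.data(), sig, n) == 0;
    };
    if (starts("GIF87a", 6) || starts("GIF89a", 6)) return ImageKind::Gif;
    if (starts("\xFF\xD8\xFF", 3))                  return ImageKind::Jpeg;
    if (starts("\x89PNG\r\n\x1A\n", 8))             return ImageKind::Png;
    // TIFF: "II" (little-endian) or "MM" (big-endian), then 42 as a 16-bit
    // integer stored in that byte order.
    if (starts("II\x2A\x00", 4) || starts("MM\x00\x2A", 4)) return ImageKind::Tiff;
    return ImageKind::None;
}

// Allow the upload only if the extension is permitted AND the content matches it.
bool mayUpload(const std::string& name, const Bytes& content) {
    ImageKind claimed = kindFromExtension(name);
    return claimed != ImageKind::None && claimed == kindFromHeader(content);
}

int main() {
    Bytes tiff  = {'M', 'M', 0, 42, 0, 0, 0, 8};  // constructed TIFF header
    Bytes other = {'n', 'o', 't', ' ', 'i', 'm', 'g'};  // constructed non-image bytes
    std::printf("scan.tiff: %d, ledger.tiff: %d\n",
                mayUpload("scan.tiff", tiff), mayUpload("ledger.tiff", other));
}
```

A matching signature shows only that the file begins like the claimed format; a control that needs stronger assurance would decode the image before sending it.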