978-0840020932 Chapter 13

Chapter 13: Programming Exploits

TRUE/FALSE

1. During the early days of the Internet, most Web pages were static HTML, so programming exploits

could only be aimed at the client-side browsers.

2. The design flaw in ActiveX is that ActiveX can do anything the user can do.

3. The COM architecture was first released with Windows XP.

4. One of the least common exploits used on the Internet is a buffer overflow.

5. HTML is a dynamic language, and can be executed successfully outside a Web browser.

MULTIPLE CHOICE

1. ____ controls are stand-alone compiled applications designed to make it possible to link and allow

interactions between variously developed applications.

a.

ActiveX

c.

Java widgets

b.

Applets

d.

VBScript

2. Up until ____, when Microsoft issued the patch that disables autoplay of ActiveX controls, ActiveX was

becoming a widespread way to perform surreptitious installation of spyware and adware on Windows

machines.

a.

2000

c.

2003

b.

2001

d.

2006

3. The ____ vulnerability exploits an unchecked buffer in Internet Explorer processing HTML elements

such as FRAME and IFRAME elements.

a.

phishing

c.

HTML e-mail

b.

buffer overflow

d.

remote access

4. Secure transfer of data has been made available by protocols such as ____.

a.

FTP

c.

SSL

b.

HTTP

d.

TCP

5. SSL encrypts the session, as well as the data that is being used in the session, using ____.

a.

PKI

c.

TLS

b.

VPN

d.

HTTPS

COMPLETION

1. _________________________ are the defects in various programming languages that are used to

develop server-side and client-side applications.

2. ____________________ controls are Component Object Model (COM) objects that can be embedded in

a variety of applications.

3. ____________________, Microsoft’s answer to Netscape’s JavaScript language, is loosely based on the

Visual Basic programming language, but is much simpler.

4. ______________________________ is the most basic script used to develop Web pages and uses a set

of markup tags, such as <script> </script>, to define the structure of Web pages.

5. Java is designed to run in a platform-independent manner using _________________________ installed

on the client computer as its sandbox.

SHORT ANSWER

1. What is the difference between a script and a programming language?

2. How can attackers use ActiveX to modify resources on an implementation of Windows?

3. What security measures regarding ActiveX should you take if you are running Windows 2000 or

Windows XP?

4. How can you counter VBScript vulnerabilities if you are administering a network?

5. What are some of the vulnerabilities in JavaScript?