Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Chapter 13: Programming Exploits
TRUE/FALSE
1. During the early days of the Internet, most Web pages were static HTML, so programming exploits
could only be aimed at the client-side browsers.
2. The design flaw in ActiveX is that ActiveX can do anything the user can do.
3. The COM architecture was first released with Windows XP.
4. One of the least common exploits used on the Internet is a buffer overflow.
5. HTML is a dynamic language, and can be executed successfully outside a Web browser.
MULTIPLE CHOICE
1. ____ controls are stand-alone compiled applications designed to make it possible to link and allow
interactions between variously developed applications.
a.
ActiveX
c.
Java widgets
b.
Applets
d.
VBScript
2. Up until ____, when Microsoft issued the patch that disables autoplay of ActiveX controls, ActiveX was
becoming a widespread way to perform surreptitious installation of spyware and adware on Windows
machines.
a.
2000
c.
2003
b.
2001
d.
2006
3. The ____ vulnerability exploits an unchecked buffer in Internet Explorer processing HTML elements
such as FRAME and IFRAME elements.
a.
phishing
c.
HTML e-mail
b.
buffer overflow
d.
remote access
4. Secure transfer of data has been made available by protocols such as ____.
a.
FTP
c.
SSL
b.
HTTP
d.
TCP
5. SSL encrypts the session, as well as the data that is being used in the session, using ____.
a.
PKI
c.
TLS
b.
VPN
d.
HTTPS
COMPLETION
1. _________________________ are the defects in various programming languages that are used to
develop server-side and client-side applications.
2. ____________________ controls are Component Object Model (COM) objects that can be embedded in
a variety of applications.
3. ____________________, Microsoft’s answer to Netscape’s JavaScript language, is loosely based on the
Visual Basic programming language, but is much simpler.
4. ______________________________ is the most basic script used to develop Web pages and uses a set
of markup tags, such as <script> </script>, to define the structure of Web pages.
5. Java is designed to run in a platform-independent manner using _________________________ installed
on the client computer as its sandbox.
SHORT ANSWER
1. What is the difference between a script and a programming language?
2. How can attackers use ActiveX to modify resources on an implementation of Windows?
3. What security measures regarding ActiveX should you take if you are running Windows 2000 or
Windows XP?
4. How can you counter VBScript vulnerabilities if you are administering a network?
5. What are some of the vulnerabilities in JavaScript?
