It may sound too bold, but I think we can say it this way now: we got rid of all known vulnerabilities (and we found a few new ones ourselves while testing and refactoring IU).
The "exterior perimeter" code was analyzed seriously. All suspicious portions of code (primarily legacy code) were completely revised and rewritten using a safe programming approach. Wherever we had the time, we fixed "internal" code as well (we still have a lot of work to do there, but it is less critical). We ran a number of new tests which pass "garbage" into parameters and checked how Image Uploader deals with it.
As a result we have released version 5.0.40 (and 4.6.30, for those who have not upgraded yet). We claim these versions to be secure enough, although we realize that bad things happen and we could have overlooked something. That is why we reserved some time for security folks to try to break it. If no more problems are found (I hope so), we will killbit the old vulnerable versions.
You may wonder what the heck a killbit is. The idea is simple. As you may know, each ActiveX control (including IU) is identified by a CLSID. There is a special section of the registry which lists the CLSIDs of controls that should not be loaded by IE. "To killbit the control" means to put the CLSID of this control into this section. More information on this can be found in the Microsoft Knowledge Base.
UPD: For those who are looking for more comprehensive information about the killbit and how it works, see the Kill-Bit FAQ posted on the Microsoft TechNet blogs: part 1, part 2, and part 3. Thanks to Elazar Broad for these links.
Now, let's see how we will handle this. Once we are assured that no more security bugs are found, we will release a new version of Image Uploader which will have a new CLSID. Hopefully it will happen right after the weekend. After that we will urge users to killbit the old version by all possible means. In particular:
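To make the registry mechanism concrete, here is an added PowerShell example (not Aurigma's code and not from the Knowledge Base article) that checks whether a given CLSID already carries the kill bit and sets it if not. It relies on the documented location, HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, and the "Compatibility Flags" DWORD in which the 0x400 bit is the kill bit. The CLSID in the script is an obvious placeholder, since the post does not give the real Image Uploader CLSID.

```powershell
# Added example, not Aurigma's code: audit and apply the IE kill bit for one CLSID.
# The kill bit lives under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# as the DWORD value "Compatibility Flags" with bit 0x400 set.
# PLACEHOLDER CLSID below; substitute the CLSID of the control you actually want to block.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400
$KeyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Test-KillBit {
    param([string]$Path)
    # Missing key or missing value both mean "not kill-bitted".
    $flags = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }
    # OR the kill bit in so that any other compatibility flags already present are preserved.
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

if (Test-KillBit $KeyPath) {
    Write-Output "$Clsid is already kill-bitted."
} else {
    Set-KillBit $KeyPath   # writing under HKLM requires an elevated (administrator) shell
    Write-Output "Kill bit set for $Clsid; Internet Explorer will refuse to load this control."
}
```

Two practical caveats: the write needs an elevated shell, and on 64-bit Windows the 32-bit IE reads the same key under HKLM\SOFTWARE\Wow6432Node\..., so an audit should check both paths.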
Let's examine the aftermath of the killbit for our customers.
When we examined how to make ActiveX more secure, we found out that Internet Explorer has a mechanism which allows an ActiveX control to be made usable only on certain websites (domains). Of course we cannot use it for the standard version (since it is used on thousands of websites), but we can easily restrict Image Uploader to a specific host domain when we prepare a private-label version.
So even if some security flaw is found in the future, no one will be able to exploit it with a private-label version; it will be applicable to the standard build only. I cannot name the owners of private-label versions; however, some of their Image Uploader builds are much more widespread than the standard one, and these companies are much more public than Aurigma. So journalists from IT magazines will have to look for another source of sensation... :-)
That's all for today. Stay tuned.
Aurigma is a software company specializing in creating products for web developers: