Glyn Moody of Opendotdotdot writes on Professor Kim Ki-Chang of Korea University’s loss in suing the KFTC (Korean Financial Telecommunication and Clearings Institute) for its doggedly wrong insistence that Korean banks and other public web services use “ActiveX”, the symbol for all that is bad in Korean websites and seriously flawed security. To quote from a notice put out by US-CERT (Computer Emergency Response Team):
“Web surfers are urged to immediately disable ActiveX controls from IE to protect against a swath of publicly reported — and unpatched — software vulnerabilities…”
Despite this dire warning from globally-recognized security experts and the well-known problems with Active-X, the KFTC remains unconvinced of the problem, as Glyn Moody writes:
How can a government lock its people into one technology – one, moreover, whose flaws are now well documented? Even the UK government has never been *this* daft.
… and it’s not *even* Korean technology.






{ 17 comments }
I blame Microsoft…
The Japanese will use Active-X to steal Dokdo.
Don’t forget all those software pirates. Or the gov’t that tacitly encourages them.
I would also add: stop using pop-ups and MSN in the workplace!
I don’t know why Korean sites like using pop-ups so much. Really, someone explain it to me.
But many Koreans would argue that it was Korean programmers who pushed Active-X to its full potential or that without Korean programmers Microsoft wouldn’t be so successful here.
Oh, when I saw the word ‘committee’, I was confused. Committee takes out one voice through conferences among its constituent members. KFTC is a private corporate body founded by Korean banks to settle out bills and checks. Its members (사원, 社員) are Korean banks.
I found that its correct English name is ‘Korea Financial Telecommunications and Clearings Institute’ at http://www.kftc.or.kr/html/etc/pr/ci.html .
Hmm, about the lawsuit? It’s not clear on what LEGAL grounds the plaintiff is complaining. I’m also one to go through the inconvenience and danger of active X programs.
The lawsuit was actually doomed to failure because of the issue that Winnie(?) identifies above: Prof. Keechang Kim was asking for remedies which really aren’t possible in Korean law, and without a basis for his claim in any Korean statutes — he was basically expecting an activist Korean court to create a remedy based in equity.
During my past decade in the Korean software industry I have often come across almost irrational reliance on Active-X to where it is used much more than in other markets.
Why? I’m not 100% sure, but it does seem to follow a pattern that Korean software programmers are not very elegant or particularly creative in their massive software coding projects for which they are (in)famous.
That is, once someone some time strikes on an approach, methodology or “solution,” it is often slavishly copied. I suspect someone who is well regarded in the Korean IT community built or enhanced his reputation on the virtues of Active-X and the community has taken it to an extreme.
Besides the security pitfalls listed in the above article, often every time there is a modification of a program using Active-X, the user must update Active-X. The process is not a big deal per se, but if you are a programmer serving a large user base, it can be problematic to get a new release or patch out to the user community and have everyone update their Active-X utility.
@8
There was a very interesting article by Gen Kanai whose title is “The cost of monoculture” and is about the background of this problem.
Active X problem seems to have with some governmental decision back in the late 90s.
A very interesting read.
http://www.kanai.net/weblog/archive/2007/01/26/00h53m55s#003095
What are you talking about, Elgin?! The Koreans invented Active-X!
Internet Explorer and Active-X are wonderful. I love them both. Anyone who does not see the most wonderful aspects of both is blind. Blind I tell you!!!
chia, thank god I’m blind
Anyone been hit by the DNS exploits yet? This sequence of events is so predictable it reads like a bad SF novel.
http://www.pcworld.com/businesscenter/blogs/larkin_on_the_web/148569/have_you_fixed_your_companys_dns_servers.html
http://www.pcworld.com/businesscenter/article/148784/with_dns_flaw_now_public_attack_code_imminent.html
http://www.pcworld.com/businesscenter/article/148854/attack_code_released_for_new_dns_attack.html
http://www.pcworld.com/businesscenter/article/149126/dns_attack_writer_a_victim_of_his_own_creation.html
At last check, KT Megapass seems oblivious. Maybe we can use the flaw to redirect naver.com to an I Love Takeshima site.
Test your ISP here: http://www.doxpara.com/
http://en.wikipedia.org/wiki/SEED
@9
You are right on, and thank you for finding that article. The wiki article clearly explains the massive use of activex (the only way to implement SEED).
The other benefit to the wiki article is its brevity.
I am disappointed that a full 13 posts have been made without a smug Mac user saying “get a Mac.”
Fortunately, that problem has since been corrected.
On a side note, I was SSH spelunking through iPhone software innards and I found settings mentioning KTF. Does that mean we inbound iRoamers can use them?
How about a smug Ubuntu user saying “get Ubuntu”?
I’d be with Ders; but Firefox saved me…