lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 18 Dec 2003 00:43:28 +0100 (MET)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: Julian Ashton <ashton@...tmedia.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior


On 17 Dec 2003, Julian Ashton wrote:

> Good question, I have been working on plugin systems suchs as giFT and
> Windows Media for quite a while and while they can do some neat
> things, this kind of behavoir cannot happen because of the way they
> were architechted. When I think of "plugins" I think of 1. An sdk. 2.
> Methods that you create that the "client" listens for. 3. All code in
> the plugin is sent to the "client" not the OS level. 4. Mainly COM
> (this plugin uses full use of C++/MFC in a DLL)

Excuse me...how do giFT or Windows Media prevent their plugins from
accessing the OS interface directly and doing whatever they (the plugins)
want to do? Do they run the plugins in a virtual machine?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ