lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200507182007.j6IK7prM016238@linus.mitre.org>
Date: Mon, 18 Jul 2005 16:07:51 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: Re: On classifying attacks



Derek Martin said:

>The vulnerability is neither truly remote nor local, in the normal
>senses as we have defined them here.  It is a different kind of
>vulnerability altogether.  The vulnerability is one to automatically
>triggering trojan horses....

I agree with you on the need for a third category.

Another term could be "user-complicit," which reflects the core role
that the user has in activating the vulnerability, versus the
traditional "automatic" exploitation (no human user interaction) and
"opportunistic" exploitation (attacker has no control over when the
vulnerable state occurs, as can happen in some types of information
leaks for example).

Depending on the normal channels by which the "trojan" is delivered,
the attack could be "local user-complicit" or "remote user-complicit."
For example, images are usually shared in some remote fashion, thus a
vulnerability in an image renderer could be remote user-complicit,
whereas a vulnerability that requires a local user to trick another
local user into changing into a directory with a large name would be
local user-complicit.

One small difficulty I have with associating this too closely with the
"trojan horse" terminology is that many Trojans are inserted after a
vulnerability has been exploited and access is gained, so this further
muddies the waters of an already vague term.

- Steve


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ