lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <200709131016.38814.tmb@65535.com>
Date: Thu, 13 Sep 2007 10:16:37 +0100
From: Tim Brown <tmb@...35.com>
To: vuln-dev@...urityfocus.com, webappsec@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	news@...uriteam.com
Subject: Next generation malware: Windows Vista's gadget
	API

A paper has just been released on the Windows Vista's gadget API.  The 
abstract is as follows:

Windows has had the ability to embed HTML into it’s user interface for many 
years. Right back to and including Windows NT 4.0, it has been possible to 
embed HTML into the task bar, but the OS has always maintained a sandbox, 
from which the HTML has been unable to escape. All this changes with Windows 
Vista. This paper seeks to inform system administrators, users and the
wider community on both potential attack vectors using gadgets and the 
mitigations provided by Windows Vista.

The full paper can be found at http://www.portcullis-security.com/165.php.

Cheers,
Tim
-- 
Tim Brown
<mailto:tmb@...35.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ