lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 17 Sep 2007 13:43:35 +0100
From: Tim Brown <tmb@...35.com>
To: bugtraq@...urityfocus.com
Cc: vuln-dev@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	webappsec@...urityfocus.com
Subject: Re: Next generation malware: Windows Vista's
	gadget API

On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:

> I'm sorry, we'll have to agree to disagree. I don't see the new attack
> vector here. I, the attacker, have to make you download my malicious
> trojan program, which you install on your computer.

Irrespective of the rest of what Roger says (which I agree with FTR), this bit 
is simply wrong.  Look at the PoC that has been made public:

https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048

It's not (just) about downloading malware gadgets.  It's about exploiting 
vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of 
the PoC).  Essentially anywhere a gadget calls for example eval() on 
untrusted data you *may* have a a problem.

Tim
-- 
Tim Brown
<mailto:tmb@...35.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ