lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1F74ADB6-CB10-4276-B702-2A51DFDF7A6E@doxpara.com>
Date: Thu, 26 Aug 2010 21:41:51 -0700
From: Dan Kaminsky <dan@...para.com>
To: "paul.szabo@...ney.edu.au" <paul.szabo@...ney.edu.au>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: DLL hijacking with Autorun on a USB drive





On Aug 26, 2010, at 9:30 PM, paul.szabo@...ney.edu.au wrote:

> Dan Kaminsky <dan@...para.com> wrote:
>
>>>> Instead of it executing "wab.exe (Windows Address Book) and open  
>>>> the
>>>> file test.vcf", one can directly get any .exe file open.
>>>
>>> Users have shown themselves very willing to open up test.vcf.exe.
>>
>> Or for that matter, test, which is actually an exe with the icon of a
>> vcf.  Thus the problem with all this chortling about foolish
>> applications:  the desktop simply does not possess the security model
>> of the browser or the email client.
>
> Badly setup desktops: do not "hide extensions", maybe view details (or
> list) not icons.


All that matters is defaults, and icons are way more powerful signals  
than a couple of letters at the end of "2010 Market  
Projections.ppt.exe' anyway.

The web browser and the email client are not designed to launch  
arbitrary code. The desktop, with the slight caveat of Standard User  
vs. Administrator, simply is.

> Cheers, Paul
>
> Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics   University of Sydney     
> Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ