[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTikSKpoTO+QBavnO4pX83SxaFMn_fZawzo_-4omp@mail.gmail.com>
Date: Wed, 1 Sep 2010 00:57:42 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: paul.szabo@...ney.edu.au
Cc: full-disclosure@...ts.grok.org.uk, cmorris@...odu.edu
Subject: Re: DLL hijacking with Autorun on a USB drive
>>From a user perspective, why can't someone run Solitaire.exe off a
USB? (as a plain example)
Consider exploits, such as BOFs caused by bad file formats, how do you
know which is secure or not?
The main difference between a BOF and this issue is that it is a
software fault, whereas the hijack "issue" is nothing less than an
impractical nitpick.
On Wed, Sep 1, 2010 at 12:34 AM, <paul.szabo@...ney.edu.au> wrote:
> Christian Sciberras <uuf6429@...il.com> wrote:
>
>> Why do you say harmless? Because you know a text file can't do
>> anything at all.
>
> Exactly. The victim is attempting to view a plain text file. Surely
> that can be done safely?
>
> Cheers, Paul
>
> Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics University of Sydney Australia
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists