| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Sep 2010 00:57:42 +0200 From: Christian Sciberras <uuf6429@...il.com> To: paul.szabo@...ney.edu.au Cc: full-disclosure@...ts.grok.org.uk, cmorris@...odu.edu Subject: Re: DLL hijacking with Autorun on a USB drive >>From a user perspective, why can't someone run Solitaire.exe off a USB? (as a plain example) Consider exploits, such as BOFs caused by bad file formats, how do you know which is secure or not? The main difference between a BOF and this issue is that it is a software fault, whereas the hijack "issue" is nothing less than an impractical nitpick. On Wed, Sep 1, 2010 at 12:34 AM, <paul.szabo@...ney.edu.au> wrote: > Christian Sciberras <uuf6429@...il.com> wrote: > >> Why do you say harmless? Because you know a text file can't do >> anything at all. > > Exactly. The victim is attempting to view a plain text file. Surely > that can be done safely? > > Cheers, Paul > > Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists