Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive


From: paul.szabo () sydney edu au
Date: Fri, 27 Aug 2010 15:06:11 +1000

Dan Kaminsky <dan () doxpara com> wrote:

>> Badly set up desktops: do not "hide extensions", maybe view details
>> (or list) not icons.
>
> All that matters is defaults, and icons are way more powerful ...

Those defaults are wrong, change them. Anyway, icons are shown
with "view details".

> The web browser and the email client are not designed to launch
> arbitrary code. The desktop ... is.

This attack may happen through the browser (UNC paths or somesuch).
Any talk about USB sticks or desktops is bogus.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
