Re: DLL hijacking with Autorun on a USB drive

[Valdis.Kletnieks () vt edu]

On Wed, 01 Sep 2010 08:34:47 +1000, paul.szabo () sydney edu au said:
> Christian Sciberras <uuf6429 () gmail com> wrote:
>
> > Why do you say harmless? Because you know a text file can't do
> > anything at all.
>
> Exactly. The victim is attempting to view a plain text file. Surely
> that can be done safely?

Only if your OS's security model understands the fact that executable code
and data belong in different security domains and thus different rules should
apply about what files to "trust" in each category.

(and yes, "interpreted data" like shell scripts and Java .class files and Flash
are the sort of neither-fish-nor-fowl that give security models headaches, so
don't bother flaming about that. ;)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/