funsec mailing list archives
Re: This sounds like a security disaster just waiting to happen...
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 29 Apr 2009 18:44:50 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Ross wrote: <SNIP!>
P2P squid. Now what happens when a user decides to inject malicious code into the cached files...
<SNIP!> User injection of malicious code? The better question is what will happen when malware decides that it now has a new vector by which to spread... by injecting itself into the user's cache, say for IE's favorite home page, msn.com? I will guarantee you here and now, that is an exploit just waiting to happen! Plus, how about data exfiltration? Just peruse everyone's cache, purloin all the data, and send it to Timbuktu. Or,... how many other trivial attacks can we think of in under 2 minutes where this lame concept could be exploited? I guess that Windows 7 has now become the newest form of P2P malware! Jon K. - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 (NEW!) s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkn42GIACgkQUVxQRc85QlPs3QCdHzFTSGKThvAsMlaGZ0lG1jlG 5xAAniethZdiAJkLcC5PNC8iYz7Y4cC2 =3iw3 -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: This sounds like a security disaster just waiting to happen... Juha-Matti Laurio (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jeff Kell (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Valdis . Kletnieks (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Valdis . Kletnieks (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jason Ross (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Jon Kibler (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Paul Ferguson (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Larry Seltzer (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Rich Kulawiec (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Steve Pirk (Apr 29)
- Re: This sounds like a security disaster just waiting to happen... Rich Kulawiec (May 03)
- <Possible follow-ups>
- Re: This sounds like a security disaster just waiting to happen... Juha-Matti Laurio (Apr 29)