Security Basics mailing list archives

Re: How to....

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 29 Sep 2005 14:21:49 +0200

On 2005-09-29 Greg wrote:

This is stupid. You can always assign an icon to one application from
another and trick someone into running it.


Exactly the thing that gets said before the shit hits the fan in the
end. You ought to recognise a problem by now.

This is not low-level security at all, this is by design.


This isn't a design thing and if that is what you see it as, then you
don't realise what has happened. Look again.


*sigh*

The real issue at hand here is people having admin privileges when they
shouldn't. As others have pointed out before: if malware get's executed
with admin privs, you're toast. Period. It's utterly futile to worry
about stuff like "could change a shortcut's icon" when it comes to this.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668

Current thread:

How to.... Greg (Sep 27)
- Re: How to.... Micheal Espinola Jr (Sep 28)
- Re: How to.... Ansgar -59cobalt- Wiechers (Sep 28)
- Re: How to.... Larry Offley (Sep 28)
- Re: How to.... Jacob Bresciani (Sep 28)
  - Re: How to.... Greg (Sep 28)
- Re: How to.... Barrie Dempster (Sep 28)
- <Possible follow-ups>
- RE: How to.... Clarkson, Dustin (Sep 28)
  - Re: How to.... Greg (Sep 28)
    - Re: How to.... Ansgar -59cobalt- Wiechers (Sep 30)
- RE: How to.... Smith, Jeff (Sep 28)
- RE: How to.... Craig Wright (Sep 28)