Full Disclosure mailing list archives
Re: Next generation malware: Windows Vista's gadget API
From: "Strykar" <str () hackerzlair org>
Date: Mon, 17 Sep 2007 23:04:28 +0530
Firstly, "the sky isn't falling, the risks posed by the gadget API already existed elsewhere in Windows generally, but this is another new attack surface without any legacy dependencies". This is my general view on the gadget API.
Yahoo widgets.
Finally, why on earth does the trust model for gadgets consist of full trust and nothing more. Why not allow gadgets to state in their manifest that for example they don't need to execute things, won't make use of ActiveX controls and will only connect to a specific host?
Or have the OS force a restrained environment for them to run within. The usability and convenience offered by them isn't worth the opportunities they proffer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Next generation malware: Windows Vista's gadget API Tim Brown (Sep 13)
- Re: Next generation malware: Windows Vista's gadget API Todd Manning (Sep 13)
- Message not available
- Re: Next generation malware: Windows Vista's gadget API avivra (Sep 14)
- Re: Next generation malware: Windows Vista's gadget API Roger A. Grimes (Sep 16)
- Re: Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 16)
- Re: Next generation malware: Windows Vista's gadget API Tim Brown (Sep 15)
- Re: Next generation malware: Windows Vista's gadget API Thierry Zoller (Sep 16)
- Re: Next generation malware: Windows Vista's gadget API Tim Brown (Sep 16)
- Re: Next generation malware: Windows Vista's gadget API Strykar (Sep 17)
- Message not available
- Message not available
- Re: Next generation malware: Windows Vista's gadget API Tim Brown (Sep 17)
- Re: Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 16)
- Re: Next generation malware: Windows Vista's gadget API Eric Chien (Sep 17)