Full Disclosure mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: paul.szabo () sydney edu au
Date: Fri, 27 Aug 2010 14:30:33 +1000
Dan Kaminsky <dan () doxpara com> wrote:
Instead of it executing "wab.exe (Windows Address Book) and open the file test.vcf", one can directly get any .exe file open.Users have shown themselves very willing to open up test.vcf.exe.Or for that matter, test, which is actually an exe with the icon of a vcf. Thus the problem with all this chortling about foolish applications: the desktop simply does not possess the security model of the browser or the email client.
Badly setup desktops: do not "hide extensions", maybe view details (or list) not icons. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DLL hijacking with Autorun on a USB drive matt (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Atul Agarwal (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 27)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)