Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive


From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 27 Aug 2010 01:18:48 -0400

On Fri, Aug 27, 2010 at 1:06 AM, <paul.szabo () sydney edu au> wrote:

> Dan Kaminsky <dan () doxpara com> wrote:
>
>>> Badly setup desktops: do not "hide extensions", maybe view details
>>> (or list) not icons.
>>
>> All that matters is defaults, and icons are way more powerful ...
>
> Those defaults are wrong, change them. Anyway, icons are shown
> with "view details".

I think you mean application types are shown with "view details".  The
problem is, there's a couple dozen application types that are all code
execution equivalent by design.  Do you know all of them?  Why should a
user?

>> The web browser and the email client are not designed to launch
>> arbitrary code. The desktop ... is.
>
> This attack may happen through the browser (UNC paths or somesuch).
> Any talk about USB sticks or desktops is bogus.

There's no path between IE and a UNC window that doesn't either security
prompt or raise an unadorned Explorer window to a remote share.  I could see
an argument that the latter should prompt, given that it's a (by definition)
code execution context.  But that's about it.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
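An added audit script, written for this archive page and not part of the thread, that checks the two Explorer defaults the exchange argues over (hidden extensions and the set of code-execution-equivalent file types) and lists the files on a removable drive that those defaults would disguise. It assumes an interactive Windows user session; `$DrivePath` is a constructed placeholder for the USB drive root.

```powershell
# Audit the Explorer defaults discussed in the thread and inspect a removable drive.
# Assumption: $DrivePath is a placeholder; pass the real drive root when running.
param([string]$DrivePath = 'E:\')

# 1. HideFileExt = 1 (the default) makes Explorer hide extensions of known types,
#    so a file named "invoice.pdf.exe" is displayed as "invoice.pdf".
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hideExt -ne 0) {
    Write-Warning "HideFileExt=$hideExt : Explorer hides known extensions on this desktop."
}

# 2. Extensions the shell runs directly on double-click: PATHEXT plus a few shell,
#    installer and script types that are equally code-execution-equivalent by design.
$execExt = ($env:PATHEXT -split ';' | ForEach-Object { $_.ToLowerInvariant() }) +
           @('.lnk', '.scr', '.pif', '.hta', '.ps1', '.msi', '.jar', '.cpl')
$execExt = $execExt | Sort-Object -Unique
"Extensions that execute on double-click ($($execExt.Count)): $($execExt -join ' ')"

# 3. Files whose displayed name looks like a document once the real extension is
#    hidden (a second, inner extension such as ".pdf" or ".doc" before the real one).
function Find-DisguisedExecutables {
    param([string]$Root, [string[]]$ExecutableExtensions)
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $ExecutableExtensions -contains $_.Extension.ToLowerInvariant() -and
            [System.IO.Path]::GetFileNameWithoutExtension($_.Name) -match '\.[A-Za-z0-9]{1,5}$'
        } |
        Select-Object FullName, Extension, Length, LastWriteTime
}

# 4. Drive-level indicators relevant to the thread subject: an autorun.inf at the
#    root, and DLLs sitting on a removable drive next to documents.
if (Test-Path (Join-Path $DrivePath 'autorun.inf')) {
    Write-Warning "autorun.inf present at the root of $DrivePath"
}
Get-ChildItem -Path $DrivePath -Recurse -File -Force -Filter '*.dll' -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "DLL on removable drive: $($_.FullName)" }

Find-DisguisedExecutables -Root $DrivePath -ExecutableExtensions $execExt | Format-Table -AutoSize
```

Setting `HideFileExt` to 0 only changes what the current user sees; the list in step 2 is the set a user would have to recognise by name, which is the point the reply makes about "view details".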