funsec mailing list archives

Re: This sounds like a security disaster just waiting to happen...


From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 29 Apr 2009 18:44:50 -0400


Jason Ross wrote:
<SNIP!>
P2P squid. Now what happens when a user decides to inject malicious
code into the cached files...
<SNIP!>

User injection of malicious code? The better question is what will
happen when malware decides that it now has a new vector by which to
spread... by injecting itself into the user's cache, say for IE's
favorite home page, msn.com? I will guarantee you here and now, that is
an exploit just waiting to happen!

Plus, how about data exfiltration? Just peruse everyone's cache, purloin
all the data, and send it to Timbuktu.

Or,... how many other trivial attacks can we think of in under 2 minutes
where this lame concept could be exploited?

I guess that Windows 7 has now become the newest form of P2P malware!

Jon K.
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





