Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

From: kb8rln () PENGUINMASTER COM (Richard Rager)
Date: Sat, 13 May 2000 11:55:00 -0600

On Fri, 12 May 2000, Maxime Rousseau wrote:


This argument makes no sense at all, if your scripting hosts are
trojanted i think you have problems FAR more serious then having your
.vbs always authenticates. Its pointless to assume protection where your
trusted base is no longer trustable.



  First I am depending of a good IT staff.  (I know this is alot to ask
for).  The programs that can run will be the ones with a their key on the
on the PKI server.  If some one email a script or doc to you it will not
run. This will include all OLE stuff too.

  I am not sure how the scripting hosts are going to get trojanted.  You
should have a PKI server just for internal users that can not get to the
internet.

 Michael E. Harmer wrote the best discussion yet.  Please read my
responds.

Enjoy,

Richard
Previous By Date Next
Previous By Thread Next

Current thread: