mailing list archives
Re: On classifying attacks
From: Godwin Stewart <gstewart () spamcop net>
Date: Sun, 17 Jul 2005 11:41:54 +0200
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 16 Jul 2005 12:40:29 -0400, Derek Martin <code () pizzashack org> wrote:
It seems to me your statement can't be correct, because this is ALWAYS
the case. A local exploit requires that a local user run an
executable. A remote exploit requires that a local user run an
executable, even if that is accomplished merely by booting the system.
All exploits require running code, and code doesn't magically start
itself... Running code is required, because it is the very running
code which is being exploited.
Maybe so, however with the case of the BIND attack, the vulnerability in
locally running code (named) is being exploited by a remote attacker via the
In the case of an e-mail containing malicious code, the code being exploited
(parts of the Windows kernel or whatever) is being attacked by code running
locally - on the *same* machine. In this sense it can hardly qualify as a
G. Stewart - gstewart () spamcop net
A lot of money is tainted. 'Taint yours and 'taint mine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----