Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API
From: "Strykar" <str () hackerzlair org>
Date: Mon, 17 Sep 2007 23:04:28 +0530

Firstly, "the sky isn't falling, the risks posed by the gadget API
already
existed elsewhere in Windows generally, but this is another new attack
surface without any legacy dependencies".  This is my general view on
the
gadget API.



Yahoo widgets.

 

Finally, why on earth does the trust model for gadgets consist of full
trust
and nothing more.  Why not allow gadgets to state in their manifest
that for
example they don't need to execute things, won't make use of ActiveX
controls
and will only connect to a specific host?



Or have the OS force a restrained environment for them to run within.
The usability and convenience offered by them isn't worth the opportunities
they proffer.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]