|
Full Disclosure
mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: paul.szabo () sydney edu au
Date: Fri, 27 Aug 2010 15:06:11 +1000
Dan Kaminsky <dan () doxpara com> wrote:
Badly setup desktops: do not "hide extensions", maybe view details
(or list) not icons.
All that matters is defaults, and icons are way more powerful ...
Those defaults are wrong, change them. Anyway, icons are shown
with "view details".
The web browser and the email client are not designed to launch
arbitrary code. The desktop ... is.
This attack may happen through the browser (UNC paths or somesuch).
Any talk about USB sticks or desktops is bogus.
Cheers, Paul
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
(Thread continues...)
| 
