Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive
From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 27 Aug 2010 01:18:48 -0400

On Fri, Aug 27, 2010 at 1:06 AM, <paul.szabo () sydney edu au> wrote:

Dan Kaminsky <dan () doxpara com> wrote:

Badly setup desktops: do not "hide extensions", maybe view details
(or list) not icons.

All that matters is defaults, and icons are way more powerful ...

Those defaults are wrong, change them. Anyway, icons are shown
with "view details".

I think you mean application types are shown with "view details".  The
problem is, there's a couple dozen application types that are all code
execution equivalent by design.  Do you know all of them?  Why should a

The web browser and the email client are not designed to launch
arbitrary code. The desktop ... is.

This attack may happen through the browser (UNC paths or somesuch).
Any talk about USB sticks or desktops is bogus.

There's no path between IE and a UNC window that doesn't either security
prompt or raise an unadorned Explorer window to a remote share.  I could see
an argument that the latter should prompt, given that it's a (by definition)
code execution context.  But that's about it.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]