> On Thu, Nov 01, 2007 at 03:36:00PM -1000, Peter Besenbruch wrote: > > Firefox throws up a download dialog, asking what I should do > > with "prettyyoungthing.rpm," while a Javascript pop-up explains that to > > see these great images, I need to save the file, and type "rpm -i > > prettyyoungthing.rpm," and that I need to do it as root.....
On Monday 05 November 2007 00:34:18 Ben Wheeler <[EMAIL PROTECTED]> wrote: > Ok, let's make it easier. What can you install with one click, or maybe > two, but definitely just > clicky-clicky-don't-bother-to-read-it-just-click-ok rather than having to > type anything? A: Firefox extension. As well as ripping off your internet > banking login details (probably more valuable than pwning your machine > anyway), maybe it can add a special MIME type which opens with an > application that prompts, as innocuously as possible, for the root pw so it > can install a "new codec" or whatever. Yes, but not you are talking about a different kind of exploit than what has been previously discussed. We were, in fact discussing the kind of exploits that owned machines. What you raise is a separate issue that should be discussed in a separate thread. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
