On Tue, 9 Mar 2004, Richard Moore wrote:
> 2. While you can open things in their apps, what you can't do is make
> anything directly execute - that takes an addition step (eg. using
> konqueror or the command line to set the executable flag, then running
> the attachment). Since we do not let macros run on document openning,
> the risks of opening things are minimised.
Uhh, with some new worms, you not only can't execute the rogue directly by
just clicking on an attachment, but you need to enter a password to get
access to it... you just need a userbase clueless enough to carry out even
a fairly complicated action out of curiosity, and some social engineering.
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2004-03-09 20:13 --
http://lcamtuf.coredump.cx/photo/current/
