Firstly, the sky isn't falling, the risks posed by the gadget API
already
existed elsewhere in Windows generally, but this is another new attack
surface without any legacy dependencies. This is my general view on
the
gadget API.
Yahoo widgets.
Finally, why on earth does the trust
Roger A. Grimes [EMAIL PROTECTED] writes:
I'm sorry, we'll have to agree to disagree. I don't see the new attack vector
here. I, the attacker, have to make you download my malicious trojan program,
which you install on your computer.
It's not so much the attack vector, it's the usability issue.
PROTECTED]
Cc: bugtraq@securityfocus.com; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL
PROTECTED]
Subject: RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's
gadget API
Roger A. Grimes [EMAIL PROTECTED] writes:
I'm sorry, we'll have to agree to disagree. I don't see the new attack
generation malware: Windows Vista's gadget API
On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into it's user interface
for many
years. Right back
Dear Peter,
I have a few questions, maybe you have time to answer them.
PG No, this is an entirely new level of attack,
New level of attack, what makes you believe that?
PG because it's moved the dancing
PG bunnies problem onto the Windows desktop.
Huh ? What is different to let's say the
-disclosure] Next generation malware: Windows
Vista's gadget API
Thierry Zoller [EMAIL PROTECTED] writes:
PG No, this is an entirely new level of attack,
New level of attack, what makes you believe that?
Because previously you had to spam users and convince them to go to some
random web site
Firstly, the sky isn't falling, the risks posed by the gadget API already
existed elsewhere in Windows generally, but this is another new attack
surface without any legacy dependencies. This is my general view on the
gadget API.
On Sunday 16 September 2007 13:34:32 Thierry Zoller wrote:
PG
(The original article was cross-posted to a lot of lists, maybe the discussion
could be moved to vuln-dev only, unless everyone wants to see all of this
stuff).
Roger A. Grimes [EMAIL PROTECTED] writes:
Yes, this is a new attack vector, but it is always game over anyway if I
can get you to run
On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:
I'm sorry, we'll have to agree to disagree. I don't see the new attack
vector here. I, the attacker, have to make you download my malicious
trojan program, which you install on your computer.
Irrespective of the rest of what Roger
Thierry Zoller [EMAIL PROTECTED] writes:
PG No, this is an entirely new level of attack,
New level of attack, what makes you believe that?
Because previously you had to spam users and convince them to go to some
random web site and download who knows what (or follow a link in the spam, or
On Saturday 15 September 2007 13:55:24 Peter Gutmann wrote:
(The original article was cross-posted to a lot of lists, maybe the
discussion could be moved to vuln-dev only, unless everyone wants to see
all of this stuff).
I shall respond in turn to the interesting points from all responses.
***
-Original Message-
From: Tim Brown [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 13, 2007 5:17 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; bugtraq@securityfocus.com;
[EMAIL PROTECTED]
Subject: Next generation malware: Windows Vista's gadget API
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into it’s user interface for many
years. Right back to and including Windows NT 4.0, it has been possible to
embed HTML into the task bar, but the OS has
On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into it’s user interface
for many
years. Right back to and including Windows NT 4.0, it has been
possible
14 matches
Mail list logo