[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability Disclosure
At 01:10 AM 6/9/2007, Valdis.Kletnieks@xxxxxx wrote:
The *real* attack vector here is "Can you, as an outsider, get the sysadmin
to run a installer script that *looks* OK at first glance, but ends up
doing something untoward by abusing the setup.exe that the sysadmin sees
in the script but doesn't actually look closely at"?
If you look at the Windows malware - a lot of attackers don't even
care about getting "admin", just normal user privileges are good
enough to do what they want (zombies to send spam, DoS, etc).
cron jobs + LWP + Google + eval = fun, right?
Could always look in ~/Maildir etc for "Spam" to eval too.
Have a nice day ;).