OT: Vista's "ultimate" security :)
Fairlight
fairlite at fairlite.com
Tue Feb 6 11:20:42 PST 2007
Simon--er, no...it was Kenneth Brody--said:
>
> Next, consider a malicious website that plays "bad" audio files.
>
> Perhaps a website which attempts to download an executable to
> your system, and then plays an audio file which answers the
> questions that the security warning popup would ask.
Which was always my assumption behind the assertion that programs like
Anzio should never have escape code command activation on by default. If
you go to a site with a "bad" /etc/issue, you're just as screwed.
And it's far easier to do than trigger voice activation. I'd consider it a
broader target vector.
mark->
--
Try our new SPF-0 lotion, SunScream[tm]. Get it while it's hot!
More information about the Filepro-list
mailing list