Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API

To: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Subject: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Sun, 16 Sep 2007 14:34:32 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, <news@xxxxxxxxxxxxxx>, <roger@xxxxxxxxxxxxxx>, <tmb@xxxxxxxxx>, <vuln-dev@xxxxxxxxxxxxxxxxx>, <webappsec@xxxxxxxxxxxxxxxxx>
In-reply-to: <E1IWXBE-0006Lp-Tz@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Kachkeis Liebhaber CoKG
References: <096A04F511B7FD4995AE55F13824B833213056@contoso> <E1IWXBE-0006Lp-Tz@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Thierry Zoller <Thierry@xxxxxxxxx>

Dear Peter,

I have a few questions, maybe you have time to answer them.

PG> No, this is an entirely new level of attack,
"New level of attack", what makes you believe that?

PG> because it's moved the dancing
PG> bunnies problem onto the Windows desktop.
Huh ? What is different to let's say the southpark worm we saw years
ago? Or any other normal binary that promised to be a screensaver or
similar ?

PG> The level of warnings is
PG> irrelevant
Euhm ok, so in your logic the program shouldn't run at all ? What do
you perceive as "relevant" here.

PG> Given what an incredible attack vector they are
What is incredible in this attack vector ? What is actually new ?
What is the differnce with the  "User downloads screensaver and get's
owned" attack vector ?

PG>  I'm amazed there haven't been any serious
PG> exploits yet.
See Wikipedia definition of exploit :
http://en.wikipedia.org/wiki/Exploit_%28computer_security%29

--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7

Follow-Ups:
- Re: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API
  - From: Peter Gutmann
- Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
  - From: Tim Brown

References:
- RE: Next generation malware: Windows Vista's gadget API
  - From: Roger A. Grimes
- RE: Next generation malware: Windows Vista's gadget API
  - From: Peter Gutmann

Prev by Date: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Next by Date: RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Previous by thread: Re: Next generation malware: Windows Vista's gadget API
Next by thread: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Index(es):
- Date
- Thread