On Mon, 14 Jan 2008 12:58:17 CST, Jan Heisterkamp said:

> > A malicious link executing unnoticed by the administrator may open the
> > firewall.
>
> The catch is that this exploit doesn't work unnoticed, because the admin
> gets notification in the browser that there has occurred an error with the
> certificate ["Unable to verify the identity of Linksys as a trusted
> site"] and he has to explicitly allow it. In other words first he has to
> allow to be attacked...

A very high percentage of Joe Sixpack "sysadmins" sitting at home surfing for Nascar and pr0n will go "Yeah, whatever" and click OK anyhow. A long time ago, I stopped thinking that "User must click OK to scary-looking message" was any sort of road bump for malware.