[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

To: "paul.szabo@xxxxxxxxxxxxx" <paul.szabo@xxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
From: Dan Kaminsky <dan@xxxxxxxxxxx>
Date: Tue, 31 Aug 2010 19:18:50 -0700

On Aug 31, 2010, at 6:49 PM, paul.szabo@xxxxxxxxxxxxx wrote:

> Dan Kaminsky <dan@xxxxxxxxxxx> wrote:
>
>> iexplore.exe has a security model. Explorer.exe doesn't ...
>
> Very dim view. So, there is no way for a Windows user to access his
> "desktop", e.g. any data on a CD or USB stick, in a safe way? Seems so
> wasteful for MS to try and plug autorun viruses, then...
>
> Thankfully, you are wrong. All decent OSs have some security. (Some  
> are
> more decent than others.)
>

Ok. Which desktop shell doesn't behave just like explorer?

More instructively -- what would a secure desktop look like?

> Cheers, Paul
>
> Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics   University of Sydney     
> Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
  - From: paul . szabo

Prev by Date: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Next by Date: [Full-disclosure] Unusable Security [was: Re: DLL hijacking with Autorun on a USB drive], also proxy in the middle detection / destruction
Previous by thread: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Next by thread: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Index(es):
- Date
- Thread