[Dshield] WMF - SETABORTPROC alarms

Frank Knobbe frank at knobbe.us
Mon Jan 2 14:46:49 GMT 2006


On Mon, 2006-01-02 at 02:10 -0500, bschnzl at cotse.net wrote:
>    Your thoughts are appreciated.  Please include my address on the 
> to line for replies.  

My thought is: "Are you a troll or do you just lack a common sense
understanding of security?"

I mean... dude! Just browsing the web can do all sorts of stuff to your
machine! While you are correct that the user account needs admin level
for software to be installed, most people run this way! The majority of
personal as well as corporate desktops still allow the user to install
software.

So the issue at hand aids in the automatic installation of adware, but
also key stroke loggers, IRC bots for DDoS attacks, and anything else
hostile.

Or perhaps just a simple "del /r /y %USERPROFILE%" or such. 

This issue can be really big pain in the butt. For you to say "Resources
used in testing the unofficial patch are better used elsewhere." is
completely misguided and irresponsible. 

I mean, if you like, don't protect your own machine. I can send you a
list of URLs you can visit and you can see for yourself if the effect
causes you grief or not. Remember, *any* execution of third-party code
can be detrimental. (simply deleting your "My Documents", which also
works on unprivileged accounts, is an example)

If just visiting the wrong web site, or viewing the wrong image, an
cause data loss, do you think that's not a pressing vulnerability?

-Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060102/d385e6af/attachment.bin


More information about the list mailing list