[ Date Index ][
Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Paul Weaver wrote:
===== Original Message From "paul" <psutton@xxxxxxxxxxx> ===== Hi just read on the register, that there seems to be a security hole in windows messenging, something to do with applications talking to each other, aparently it's broke and can't be fixed, but seems pretty serious, part of the API, I think.I presume you mean about win32's api''s being irrepairably broken? http://www.theregister.co.uk/content/4/26561.html
Why can't anyone precise this to save my browser.... Basically messaging between windows of different applications is free and easy, and at least one popular Virus scanning program is run as from a privileged account (Local System) and so you get to be admin if you are sitting at the box. The NSA won't like it (but they think cut and paste is an aberration), but I don't think getting system access to a box you have physical access to is a big deal, although that might depend on what else in your network trusts your local system account, hopefully nothing, and you use a different password for each - right?! Heck in the Microsoft hall of shame, this doesn't make the top 100. Indeed I suspect other Windowing systems might be vulnerable to this attack pattern - DCOP is your friend right? -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.