John Gilmore wrote:
even though, as I believe, the the offender's code itself commits no substantive offense it it is, I think, guilty of the admittedly much subtler offense of providing a template for others, who are bent on mischief, to use.
If the PFLIH hook is (as it has been described earlier in these threads) a mechanism by which a non-authorized process can become authorized, then its very existence is a "substantive offense" in and of itself. It is not just "a template", it doesn't just show the way. It *is* the way. I fervently hope that the existence of this thread has gotten the attention of the ISV who has created this obscenity and that it will commit immediate resources to purging this from its products. Dave Cole REPLY TO: dbc...@colesoft.com ColeSoft Marketing WEB PAGE: http://www.colesoft.com 736 Fox Hollow Road VOICE: 540-456-8536 Afton, VA 22920 FAX: 540-456-6658 At 3/1/2012 04:54 PM, John Gilmore wrote:
I don't want to put words in EJ's mouth; but if 'an exposure' were replaced by what I should call 'misuse' what he said is correct and not even controversial. I think there is an exposure, in the sense that this device lends itself very readily to abuse. I have seen no evidence that it has actually been misused in any but the tenuous sense that it adds clandestine overhead to the processing of every interrupt. The device itself has been much misused elsewhere. A number of viruses have, for example, used a Windows scheduled task---PC Health Data Collection is a favorite---to hijack PCs. Moreover, now that its use has been publicized here, the scheme it embodies---not, a fortiori, the offender's code itself---is all but certain to be used irresponsibly by others; even though, as I believe, the the offender's code itself commits no substantive offense it it is, I think, guilty of the admittedly much subtler offense of providing a template for others, who are bent on mischief, to use. John Gilmore, Ashland, MA 01721 - USA ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN