> Aditya Deshmukh wrote: > > suppose we have VNC installed and that is used to take control of the > > computer and the actions show up as done by the user - would it not be > > caught by law enforcement ? > > > What about Metasploit, which will gladly inject a RAM-only WinVNC server > and give complete remote control without "installing" WinVNC anywhere on > the hard drive? > > If your Windows box gets owned by such a thing, and you end up accused > of the crimes that the attacker committed while they were in control of > your box, you can kiss your ass goodbye.
exactly 100% correct, not to mention this defense will destroy a prosecution in front of a jury of people that can think for themselves, and an expert witness to properly diagram the attack vector / scenario. bravo, mw _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
