That's what I said about human error, scanning is no solution unless a clear UI is used which makes social engineering practically impossible.
On Wed, Jan 20, 2010 at 5:29 PM, omg wtf <hexma...@gmail.com> wrote: > Lol. > > Everyone keeps forgetting the social engineering aspects of utilizing > exploits. Especially if someone is using AntiVirus 2011 and has a google > wave account. > > On Tue, Jan 19, 2010 at 8:10 PM, <valdis.kletni...@vt.edu> wrote: > >> On Tue, 19 Jan 2010 19:01:36 CST, Rohit Patnaik said: >> > Yeah, no kidding. Surprise! Untrusted files can be malicious. If you >> > accept files from those whom you do not trust, whether its via e-mail, >> > instant message, Google Wave, or physical media, you well and truly >> deserve >> > the virus that'll eventually infect your machine. >> >> Let's see.. *HOW* many years ago did we first see e-mail based viruses >> that >> depended on people opening them because they came from people they already >> knew? 'CHRISTMA EXEC' in 1984 comes to mind. >> >> The problem here is that Google Wave is for *collaboration* - which means >> that you're communicating with people you already know, and presumably >> trust to some degree or other. "Hey Joe, look at this PDF and tell me >> what you think" is something reasonable when the request comes from >> somebody >> who Joe knows and who has sent Joe PDF's in the past. >> >> I guarantee that if every time you receive a document that appears to be >> from >> your boss, you call back and ask if they really intended to send a >> document or >> if it's a virus, your boss will get very cranky with you very fast. >> >> Let's look at that original advisory again: >> >> >> An attacker could upload his malware to a wave and share it to his >> >> Google Wave contacts. >> >> Now change that to "An attacker could trick/pwn some poor victim into >> uploading >> the malware to a wave...." Hilarity ensues. >> >> >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/