--- Gadi Evron <[EMAIL PROTECTED]> wrote:
> David M Chess wrote:
> > But many of us *love* to argue about taxonomies and word meanings (it's
> > cheaper than booze anyway). *8)
> 1. A user-assisted remote attack.
> 2. A client-side remote attack.
>
> I.e., we can add "user assisted" as a class
David M Chess wrote:
But many of us *love* to argue about taxonomies and word meanings (it's
cheaper than booze anyway). *8)
To my mind, if the attacker needs to be logged into an account on the
machine being attacked then the vulnerability is local; if the attacker
just has to be able to pu
> The difference with other client attacks triggered from remote location
> is the attacker. If he/she connects to you and tries to exploit, the
> service is running and then runs into say, an exception. With a browser
> you go to a remote site, download code, run it locally and get
exploited.
Daniel Weber wrote:
Crispin Cowan wrote:
I participated in that Lincoln Labs study, and my recollection is
that the remote/local distinction was already popular on bugtraq at
the time.
I've seen a lot of classification schemes proposed on Bugtraq in the
intervening years, some of them quite g