On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
A paper has just been released on the Windows Vista's gadget API. The
abstract is as follows:
Windows has had the ability to embed HTML into it’s user interface
for many
years. Right back to and including Windows NT 4.0, it has been
possible t
Yes, this is a "new" attack vector, but it is always game over anyway if
I can get you to run my untrusted program. In my testing, installing
any Vista sidebar gadget results in a minimum of 3 warnings, each saying
that the code being installed could be harmful, before it is installed.
5 warnings
cus.com
Subject: Re: Next generation malware: Windows Vista's gadget API
On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
> A paper has just been released on the Windows Vista's gadget API. The
> abstract is as follows:
>
> Windows has had the ability to embed HTML into it's us
(The original article was cross-posted to a lot of lists, maybe the discussion
could be moved to vuln-dev only, unless everyone wants to see all of this
stuff).
"Roger A. Grimes" <[EMAIL PROTECTED]> writes:
>Yes, this is a "new" attack vector, but it is always game over anyway if I
>can get you
On Saturday 15 September 2007 13:55:24 Peter Gutmann wrote:
> (The original article was cross-posted to a lot of lists, maybe the
> discussion could be moved to vuln-dev only, unless everyone wants to see
> all of this stuff).
I shall respond in turn to the interesting points from all responses.
