|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Valdis.Kletnieks
vt.edu
Date: Tue Jan 15 2008 - 12:14:03 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 14 Jan 2008 12:58:17 CST, Jan Heisterkamp said:
> > A malicious link executing unnoticed by the administrator may open the firewall.
>
> The catch is that this exploit don't work unnoticed, because the admin
> get notification in the browser that there has occured an error with the
> cerificate ["Unable to verify the identity of Linksys as a trusted
> site"] and he has explicity allow it. In other words first he has to
> allow to be attacked...
A very high percentage of Joe Sixpack "sysadmins" sitting at home surfing
for Nascar and pr0n will go "Yeah, whatever" and click OK anyhow. A long time
ago, I stopped thinking that "User must click OK to scary-looking message"
was any sort of road bump for malware.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFHjPfrcC3lWbTT17ARAmiJAJ4p8ygPKdImMGxoXifxS07Mhg8DsQCfT2Ao
fRrj23lzdRb1cYCnrHbabt8=
=GHCW
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]