Bugtraq mailing list archives
Re: DJB's students release 44 *nix software vulnerability advisories
From: Crispin Cowan <crispin () immunix com>
Date: Thu, 23 Dec 2004 00:16:55 -0800
Steven M. Christey wrote:
I call this class "worms", or more grammatically a class of remote vulnerabilities subject to worm attack. where the malware can propagate unassisted.In addition to modeling the level of authentication needed, I've been thinking that it might also be important to note how much user/victim participation is required for activation of the exploit, i.e. whether the issue can be automatically exploited by normal user activity (e.g. by simply reading an email message) or whether there's some social engineering involved. However, I haven't put much thought into terminology for this besides: - automatic: exploit is automatically activated as a result of normal usage of the product
I call this class "viruses, same grammar hack as above. These require the victim to click on something, or such like, before the malware can propagate.- complicit: requires some victim participation or inaction
I'm having a hard time seeing the difference between "complicit" and "opportunistic".- opportunistic: can not really control when, or if, the victim activates the exploit
Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com
Current thread:
- Re: DJB's students release 44 *nix software vulnerability advisories, (continued)
- Re: DJB's students release 44 *nix software vulnerability advisories Michal Zalewski (Dec 23)
- Re: DJB's students release 44 *nix software vulnerability advisories Valdis . Kletnieks (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories laffer1 (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Jonathan Rockway (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Stephen Harris (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Raymond M. Reskusich (Dec 21)
- RE: DJB's students release 44 *nix software vulnerability advisories Devin Ganger (Dec 21)
- Re: DJB's students release 44 *nix software vulnerability advisories Steven M. Christey (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories David Wagner (Dec 24)
- Re: DJB's students release 44 *nix software vulnerability advisories Steven M. Christey (Dec 22)
- Re: DJB's students release 44 *nix software vulnerability advisories Crispin Cowan (Dec 23)
- RE: DJB's students release 44 *nix software vulnerability advisories Manning, Robert (Mission Systems) (Dec 22)
- RE: DJB's students release 44 *nix software vulnerability advisories Palmer, Paul (ISSAtlanta) (Dec 23)