Bugtraq mailing list archives
RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API
From: "Strykar" <str () hackerzlair org>
Date: Mon, 17 Sep 2007 23:04:28 +0530
Firstly, "the sky isn't falling, the risks posed by the gadget API already existed elsewhere in Windows generally, but this is another new attack surface without any legacy dependencies". This is my general view on the gadget API.
Yahoo widgets.
Finally, why on earth does the trust model for gadgets consist of full trust and nothing more. Why not allow gadgets to state in their manifest that for example they don't need to execute things, won't make use of ActiveX controls and will only connect to a specific host?
Or have the OS force a restrained environment for them to run within. The usability and convenience offered by them isn't worth the opportunities they proffer.
Current thread:
- Next generation malware: Windows Vista's gadget API Tim Brown (Sep 13)
- Re: Next generation malware: Windows Vista's gadget API Todd Manning (Sep 13)
- RE: Next generation malware: Windows Vista's gadget API avivra (Sep 17)
- RE: Next generation malware: Windows Vista's gadget API Roger A. Grimes (Sep 14)
- RE: Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 17)
- Re: Next generation malware: Windows Vista's gadget API Tim Brown (Sep 17)
- Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Thierry Zoller (Sep 17)
- Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API Tim Brown (Sep 17)
- RE: [Full-disclosure] Next generation malware: Windows Vista's gadget API Strykar (Sep 19)
- Re: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 17)
- RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Roger A. Grimes (Sep 17)
- Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API Tim Brown (Sep 17)
- RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 18)
- RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Ed Patterson (Sep 18)
- RE: Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 17)
- Re: Next generation malware: Windows Vista's gadget API Todd Manning (Sep 13)