[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] FFSpy Buster : Duarte Silva announces that the
From:       David Blanc <davidblanc1975 () gmail ! com>
Date:       2009-05-29 15:41:12
Message-ID: a502f2cf0905290829p7d51eaebv58d8b68c478bce03 () mail ! gmail ! com
[Download RAW message or body]

Duarte Silva, the creator of the so-called FFSpy PoC seems to be
suggesting that the plugin mechanism of most software which allows a
user to run a plugin in the context of the user running the software
is flawed.

First of all, here is the lame PoC for those who want to read it:
http://myf00.net/?p=18 You can see a few comments where people are
trying to ask how exactly the attack is carried out. However, Duarte
has been giving lame responses such as: "True. But is also interesting
to see that there isn’t nothing to ensure the user the plug-in isn’t
changed."

In his wrap up blog at http://myf00.net/?p=97 he seems to suggest that
the existing plugin or add on mechanism of most software is flawed. Do
read his comments at the end of the blog.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]