Re: [Full-disclosure] Downloads Folder: A Binary Planting Minefield



Mitja,
The #1 item on your list of countermeasures should be to advise people to
not run with admin privileges in general and especially when surfing the
web. Your #5 item seems risky to me because the executable won't be updated
if Microsoft issues a patch.

Regards,

Kurt

-----Original Message-----
From: ACROS Security Lists [mailto:lists@xxxxxxxx]
Sent: Friday, February 17, 2012 1:33 PM
To: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx;
cert@xxxxxxxx
Subject: Downloads Folder: A Binary Planting Minefield


This blog post reveals a bit of our research and provides an advance
notification of a largely unknown remote exploit technique on Windows. More
importantly, it provides instructions for protecting your computers from
this technique while waiting for the affected software to correct its
behavior.

http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html

or

http://bit.ly/wmq00a

Enjoy the reading!


Mitja Kolsek, CEO / @mkolsek

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia Tel +386.2.3000.280 Fax
+386.2.3000.282 Web http://www.acrossecurity.com Blg
http://blog.acrossecurity.com Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages

  • Re: Street Craps
    ... even one which had taken no countermeasures against precision ... Beat the Craps Out of the Casinos by Frank ... precision shooting technique. ... craps under casino conditions. ...
    (rec.gambling.craps)
  • Some nice jazz videos
    ... I found this while doing a bit of surfing. ... Some really nice listening ... and nice technique. ... Prev by Date: ...
    (rec.music.makers.guitar.jazz)