[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Edonkey/Overnet Plugins Could Pose Harm

To: "'petard'" <petard@freeshell.org>
Subject: RE: [Full-Disclosure] Edonkey/Overnet Plugins Could Pose Harm
From: "ashton" <ashton@joltmedia.com>
Date: Wed, 17 Dec 2003 11:16:06 -0500

Signing does make it safe if MetaMachine(the company) does it and has
Overnet check for this before executing that code. WMP does not have sockets
open to 1.2 million users neither does IE. We are talking peer to peer, the
plugin can send a flood off popups to all 1.2 million users at one time as a
message, it can copy the "uber upload limit crack" to the shared folder, it
could even be a legit plugin and then timebomb in 6 months and have 2
million users DDOS'ing, it's just not a good model for P2P and Plugins, I
mean P2P has enough issues with virus propogation.

-ashton

-----Original Message-----
From: petard [mailto:petard@freeshell.org] 
Sent: Wednesday, December 17, 2003 10:54 AM
To: ashton
Subject: Re: [Full-Disclosure] Edonkey/Overnet Plugins Could Pose Harm

On Wed, Dec 17, 2003 at 10:45:52AM -0500, ashton wrote:
> My attempt is to get MetaMachine to make them all be SIGNED before they
can
> be loaded, it's a P2P app and would have 1.2 million+ times the effects of
> an WMP plugin, perhaps you took it wrong. My COM statement was that any
> dumbarse can write something in MFC to be harmful but when it is pure C++
> and COM it's not as easy, MFC gives virus writers or n00bs an easy route
at
> creating these plugins. So my goal is what I first stated, you cannot
> compare WMP or PS to Overnet w/ Plugins because Overnet has 1.2 million
> online users at your disposal instantly. You must look at it as a whole.
> 
Is there some automatic way to get the 1.2 million users to download and
install them or something? What would make all 1.2 million plus users
download an eDonkey plugin? Signing code doesn't make it safe. I can
sign malicious ActiveX; if I can still get you to execute it, I win.
Look at gator. There are well more than 1.2 million WMP users (well over
10 million, in fact!). Or IE users. And nothing similar has happened.

(And COM is really not harder than "pure C++"... try it :-) I've seen some
real "n00bs" write COM objects.)

regards,

petard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Edonkey/Overnet Plugins Could Pose Harm
Next by Date: [Full-Disclosure] IE Content Manager
Previous by thread: RE: [Full-Disclosure] Edonkey/Overnet Plugins Could Pose Harm
Next by thread: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 17/Dec/2003
Index(es):
- Date
- Thread