[Full-disclosure] DLL hijacking with Autorun on a USB drive
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Aug 27 15:47:07 BST 2010
On Fri, 27 Aug 2010 10:13:21 EDT, Dan Kaminsky said:
> Oh, come on. MS puts more effort into delivering a secure platform than
> pretty much anyone at this point. They're just not the low hanging fruit
> they once were.
Oh, I'll grant you that, they *have* done a great job in the past few years,
the biggest turn-around I've seen in 3 decades in this business.
The point is that we all know that *really* fixing some of these issues will
involve a *complete* re-architect of the system - and that's someplace they
really don't want to go. Look at how many corporations were slow to jump on
Vista - now imagine if the corporations had to wait for pretty much *every
single app* to update to the New World Order. Remember that one of the big
components of vendor lock-in is the cost of jumping ship. Now if the next
WIndows release is as disruptive as jumping ship, you lose a lot of lock-in.
(And remember what people said about the *first* release of UAC in the beta? A
*lot* of people said it sucked hard enough to make them seriously consider
moving to Linux... so it got toned down a whole lot before release.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20100827/9365261c/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.