.desktop files and security
Posted Apr 7, 2006 14:30 UTC (Fri) by smoogen
In reply to: .desktop files and security
Parent article: .desktop files and security
Hmmm I dont think the executable bit would be the fix. The .zip attack is the way to get around that. Send the person a .zip file and they extract the stuff from it. Voila, the user pulls out the executable code with the appropriate bits/extensions in it.
Yes it involves the user.. but this attack works 30% of the time from what I can tell from cleaning up windows machines.
to post comments)