Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to....

from [Smith, Jeff] Network Security [Permanent Link]
Subject: RE: How to....
Date: Wed, 28 Sep 2005 10:14:25 -0500 
You gotta love Windows...  I don't see this as a real problem.  The
reason being if some one can do what you describe they have already
compromised the machine.  It would the equivalent of locking your fridge
so a burglar can't have a refreshing beverage while robbing you.

Along this same vein, a trojan could change the icon of any shortcut to
point to any exe or dll with resources.   

-----Original Message-----
From: Greg [mailto:security-basics@pchandyman.com.au] 
Sent: Monday, September 26, 2005 7:32 PM
To: security-basics@securityfocus.com
Subject: How to....

....really shoot your XP machine in the foot, so to speak.

Pick any program shortcut that is pinned to your start menu. If you
don't 
have any, find any old program shortcut (or make one) then pin it to
your 
start menu. Now go find some other shortcut to a completely different 
program and open it's properties. Copy the full path info from that one
and 
past it into the path info in the properties for that other shortcut
that is 
pinned to the start menu and click OK to make it stick. Now carefully
look 
at that icon. It hasn't changed. Now click on it. The icon now starts
that 
other program instead of the one it looks like it is SUPPOSED to start.

Now while all that is simple "so what?" to most of you, think of this -
I 
deal in a lot of low level security stuff that is below the radar of a
lot 
of you but if an icon that is frequently used in the list of commonly
used 
programs or those pinned to the start menu can be so easily changed to
start 
some other program yet not look like it was tampered with at all, why 
couldn't the next Trojan include code to do this? Eg, place a Trojan on
the 
C drive, copy the full path info into the "Windows Update" icon on your 
start menu (for example) where it runs that Trojan instead. That Trojan
may 
do what it is designed to do and also do the actual starting of Windows 
Update after that.

What stops a local user or a Trojan doing this in a normal XP
installation 
that hasn't been changed and all runs at admin levels as so many
businesses 
do?

Greg.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Anonymize internet access, Jeffrey F. Bloss
Next by Date:  Anonymous FTP Alternative, Mogren, Jack L.
Previous by Thread:  Re: How to...., Ansgar -59cobalt- Wiechers
Next by Thread:  RE: How to...., Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]