[4963] in WWW Security List Archive
Automatic trojans
daemon@ATHENA.MIT.EDU (Matthew Patton)
Tue Apr 1 02:37:14 1997
Date: Mon, 31 Mar 97 23:48:43 -0400
From: Matthew Patton <patton@sysnet.net>
To: <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Ok, I doubt this registers on anybody's scope as new, but given the
following:
>Navigator can also automatically download and install plug-ins when it
>encounters a page requiring a plug-in you don't already have.
as featured in Netscape Communicator (or maybe even v3.x?) sounds
like a perfect opportunity to introduce little nasties with perhaps
nothing more than a dialog box asking the user if he wants it. My
guess is the average Joe will just hit the "heck yeah, why not?"
button. Congratulations you've just been infected with (pick your
flavor).
Any thoughts on how to deal with this other than the obvious and
never ending "user awareness training"??
