[37938] in bugtraq
Re: DJB's students release 44 *nix software vulnerability advisories
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Thu Dec 23 15:48:04 2004
Message-ID: <41CA7EF7.7010905@immunix.com>
Date: Thu, 23 Dec 2004 00:16:55 -0800
From: Crispin Cowan <crispin@immunix.com>
MIME-Version: 1.0
To: "Steven M. Christey" <coley@mitre.org>
Cc: bugtraq@securityfocus.com
In-Reply-To: <200412212125.iBLLP2J3010891@linus.mitre.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Steven M. Christey wrote:
>In addition to modeling the level of authentication needed, I've been
>thinking that it might also be important to note how much user/victim
>participation is required for activation of the exploit, i.e. whether
>the issue can be automatically exploited by normal user activity
>(e.g. by simply reading an email message) or whether there's some
>social engineering involved. However, I haven't put much thought into
>terminology for this besides:
>
> - automatic: exploit is automatically activated as a result of
> normal usage of the product
>
>
I call this class "worms", or more grammatically a class of remote
vulnerabilities subject to worm attack. where the malware can propagate
unassisted.
> - complicit: requires some victim participation or inaction
>
>
I call this class "viruses, same grammar hack as above. These require
the victim to click on something, or such like, before the malware can
propagate.
> - opportunistic: can not really control when, or if, the victim
> activates the exploit
>
>
I'm having a hard time seeing the difference between "complicit" and
"opportunistic".
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
