[wpkg-users] security issues

Brian May bam at snoopy.apana.org.au
Tue Jun 5 04:47:18 CEST 2007


Hello,

Has anybody considered security issues with wpkg?

As far as I can tell, wpkg requires the local network to be
trusted. If it cannot be trusted, and the server goes off-line, then
anybody could set up a fraudulent server with the same name, which
serves a fraudulent copy of wpkg.js that does malicious things.

As wpkg.js runs, automatically, as the system user on every Windows
computer, this would be an easy way to bring all Windows computers in
a company down.

I conducted some tests using domain level security, but found I
domains do not prevent this type of attack.

Any thoughts?

Thanks.
-- 
Brian May <bam at snoopy.apana.org.au>


wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users



More information about the wpkg-users mailing list