Does this same plugin system also apply to emule? On Thu, 18 Dec 2003 07:03:17 -0500, ashton wrote > 1. giFT is unix - until noted otherwise, so goodluck. 2. Windows > Media is not P2P with a built in search of 1.2 million people for > the "uber upload limit crack plugin" in which when loaded is an > actual virus, it's very hard for joe average to get a harmful WMP > plugin but with this method in Overnet it's too easy, plus they > could propogate themselves through Overnet vulnerabilities on top. > > -----Original Message----- > From: Pavel Kankovsky [mailto:peak@argo.troja.mff.cuni.cz] > Sent: Wednesday, December 17, 2003 6:43 PM > To: Julian Ashton > Cc: bugtraq@securityfocus.com > Subject: Re: Edonkey/Overnet Plugins capable of Virus/Worm behavior > > On 17 Dec 2003, Julian Ashton wrote: > > > Good question, I have been working on plugin systems suchs as giFT and > > Windows Media for quite a while and while they can do some neat > > things, this kind of behavoir cannot happen because of the way they > > were architechted. When I think of "plugins" I think of 1. An sdk. 2. > > Methods that you create that the "client" listens for. 3. All code in > > the plugin is sent to the "client" not the OS level. 4. Mainly COM > > (this plugin uses full use of C++/MFC in a DLL) > > Excuse me...how do giFT or Windows Media prevent their plugins from > accessing the OS interface directly and doing whatever they (the > plugins) want to do? Do they run the plugins in a virtual machine? > > --Pavel Kankovsky aka Peak [ Boycott Microsoft-- > http://www.vcnet.com/bms ] "Resistance is futile. Open your source > code and prepare for assimilation." -- Open WebMail Project (http://openwebmail.org)
