Forte Systems - Iosif Peterfi wrote: > Basicaly, compound attacks need the victim intervention. No; compound attacks need more than one attack vector. In your example of attacking a web server, the attacker needs a compound attack comprised of a remote->local attack and a local->root attack to take over the machine. It is "compound" in that it is comprised of more than one attack, but does not necessarily involve the victim's intervention. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com
