ImgBurn vulnerability

Discussion in 'other security issues & news' started by MrBrian, Jan 4, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. wat0114

    wat0114 Guest

    Not to diminish the seriousness of the vulnerability in the application...but where have we seen this before :rolleyes: As usual, social engineering and PEBKAC Syndrome are the keys to exploiting the applications flaw.
     
  3. katio

    katio Guest

    The phrase "don't open untrusted anything" is pretty idiotic if you think about.
    Trust is the most tricky problem of all in the whole security business. What's a "trusted file"? What's "untrusted"? How can you determine which is which? Most of all data that comes over the internet is untrusted: You don't know where it's coming from, who created it, who had access to it and could have modified it, you don't know if it's being tampered with while you are accessing it over the wire and so on.
    We already established the weakest link is the user, relying on him to make this most difficult decision makes no sense.

    The only sensible approach is designing secure software, least privilege, access control, privilege isolation and so on. Random exploit (or backdoor for that matter) in rarely patched 3rd party apps should never result in a full system/user files compromise.

    but that's old stuff, preaching to the choir... :p
     
  4. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
  5. wat0114

    wat0114 Guest

    Pretty easy, actually;
    1. Trusted: known, software vendor's site.
    2. Untrusted: unknown, alternative site

    I tend to go for the first option. Never failed me once in many years of downloading and installing hundreds of files :)
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Years ago, I'd agree with you straight away. But, recent history has shown me things aren't as I thought they were: white or black. Unfortunately, there's a grey area.

    And, unfortunately, this grey area, for example, includes security vendors websites being compromised. So, when I download something from these security vendors, can I be 100% sure they haven't been compromised once more, and that I'm not downloading adulterated files?

    This, then makes wonder if something I'm downloading from a trusted software vendor's site is to be 100% trusted. We do need to make a compromise to what we deem to be trusted, though, right? :D

    Maybe is just a like a web site; what is a trusted and an untrusted one? Long gone are those days. :D
     
    Last edited: Jan 13, 2011
  7. wat0114

    wat0114 Guest

    No one needs to agree. It's just the way I perceive it based on past and recent experience :) Until I experience otherwise, I maintain my view on this.
     
  8. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I have gone from one end of the spectrum to the other, over the years. In my latter days though, i have relaxed all of my security & tend to stay away from untrusted sources. I know what my surfing habits are & know when to up the tempo, whether it be a VM or in a sandbox. My computer i run today has no security software running real-time, only the the OSs features, Sysinternals & a decent system resource monitor.

    Life in the computing world has never been so easy for me.
     
Loading...
Thread Status:
Not open for further replies.