Poor punctuation leads to Windows shell vulnerability

A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.The attack relies on scripts or batch files that use the command-line interface, or “shell,” on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
LXer Linux News

StumbleUponDiggTwitterFacebookRedditLinkedInEmail

Poor punctuation leads to Windows shell vulnerability

A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.The attack relies on scripts or batch files that use the command-line interface, or “shell,” on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
LXer Linux News

StumbleUponDiggTwitterFacebookRedditLinkedInEmail

German City Gummersbach Drops Windows XP and Gets SUSE with a MATE Desktop

Germany is now at the forefront on open source because many cities in this country are either considering the switch to Linux or they have already finished this process. Now, the German city of Gummersbach is reporting that the administration is now almost exclusively running on Linux systems.
LXer Linux News

StumbleUponDiggTwitterFacebookRedditLinkedInEmail