[Tizen Application-dev] Executing shell command
Pierce, Dean E
dean.e.pierce at intel.com
Mon Mar 26 18:34:24 GMT 2012
My first thought :
"Oh god I hope not."
My second thought:
"Wouldn't that be insane if someone actually did that?"
My third thought:
"I really hope someone isn't in their cube right now trying to
implement this as a surprise feature for the next release."
terrifying idea. Microsoft tried it once, and they are still trying
to get that monster back in the box (ActiveXObject('WScript.Shell')).
Remember that the nature of HTML allows attackers to create new
iframes in arbitrary uncontrolled contexts. There are multiple ways
for attackers to impersonate domains and assume the rights of various
applications. If my talk at the tizen conference gets accepted, I
will be talking about this in detail.
More information about the Application-dev