Quote:
Originally Posted by knc1
You have not been keeping track -
It is demonstrated above that only one executable file needs to be on the Kindle - followed by visiting the appropriate malicious site.
Anyone can be suckered into doing those things through social engineering.
This public expolit has been reported to CERT and a CVE number requested.
Yes, this is a real hazard.
|
That's exactly what I said. You need to download an executable and copy it to the device.
My point was that it didn't seem to be a lucrative target for a botnet operator. It takes more steps to socially engineer, and has less power.
Something can both be a hazard and yet not cost effective to deploy a botnet with. Still should be fixed, obviously.
(It might work better as a targeted attack stealing browser cookies or something.)