No, if your *client* is removing the attachment, then a minifilter will still see it. This is a silly excuse, and by those standards your "must work behind NAT" requirement wouldn't qualify either.
-
-
Replying to @taviso @artem_i_baranov
Why stop at $100k, why not offer a $1M prize and scope it so it's impossible? I don't get it.
1 reply 0 retweets 8 likes -
Replying to @taviso
Prices starting from $1M are related only for iOS 11 and are not related to security products.)
2 replies 0 retweets 0 likes -
Replying to @artem_i_baranov @taviso
"Wormable" email-based exploit for AV engine need standalone email client on user' PC, who use Gmail and should download your crafted file.
1 reply 0 retweets 0 likes -
Replying to @artem_i_baranov
No. Just prefetching activity and cache writes in Gmail is enough to trigger minifilter. How do you not know that, I've sent Kaspersky a working exploit that worked in Gmail before!
2 replies 7 retweets 57 likes -
Replying to @taviso @artem_i_baranov
Clearly they took it seriously and informed their engineers about it. Clearly.
1 reply 0 retweets 12 likes -
I love u both too, but if I did not download a file in Gmail from attachment, I doubt that FS stack will know about it.
1 reply 0 retweets 0 likes -
Replying to @artem_i_baranov @aionescu
Set up kd, put a breakpoint on your filter and db the data you see, then click around in Gmail. If you see untrusted data, I'm right. If you don't, then you're right. Hint: I'm right.
1 reply 1 retweet 14 likes -
Yes, u need to click Gmail and this is your first action. Wormable vector requires no user actions. That's why payout is high.
2 replies 0 retweets 0 likes -
Replying to @artem_i_baranov @aionescu
It works without user interaction because of prefetching, I've already explained this. Fine, don't click anything, just wait for someone to send you email and watch for activity.
2 replies 0 retweets 8 likes
Why not just remove the requirement for "database update channel" and specify "no user interaction"? If that's the real reason for that requirement, then problem solved.
-
-
Btw, returning to step back, probably "the truth is out there", if attachment is small and GMail places it "as is" on a web-page (attachment will be downloaded among other web page data), FS stack will see it. But in case of not small attachments this situation is excluded.
0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.