-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Bill Bogstad hath spake thusly:
> >Thusfar, the attack outlined requires intervention of the user at the
> >console (or the console of a Citrix client), and the above is not
> >currently known to be possible.  However, I would be very surprised if
> >someone did not reveal a way to do this in the near future...
> 
> >From the web site:
> 
> ... Oh, and it doesn't require console access either - I've
> successfully executed these attacks against a Terminal Server a
> hundred miles away. ...

Right, but it does require user intervention -- i.e. consle access to
the Citrix *client*, which was what I was trying to say.  Many of the
e-mail viruses do their damage without the user doing anything.  I was
alluding to the possibility of existence a similar attack, *without*
any user intervention whatsoever.

- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9UDjJdjdlQoHP510RAkrvAJ9klmdUD83FOYiCRgA6Q0tWTmxA8ACglJaJ
HMj9be+ybpevWStHGe5/w5s=
=6mMW
-----END PGP SIGNATURE-----