[Philipp]

[DrSchmoe]

I'm sorry, this is really freaking funny. Basically, what Microsoft is saying is that I could crash computers if I had a hostile custom program running on an IrDA device (Pocket PC, Palm, whatever). IrDA has a reception range of only about 1 meter so I would need to run into their office and zap their computer.

Gee, like the person sitting there wouldn't be slightly peeved by the incident?

And how did they figure this problem out? Did Steve Ballmer go running into Bill's office: "Hey, check this out, I have something cool to show you..."

Look at the security advisory below my comments. I especially love #2.
"or be able to transmit the IRDA packets through reflection directly to the victim's IRDA port"

So, if I get myself an extremely high powered IR emitter and a very complex system of reflectors I can theoretically sit in my office and simultaneously crash all the computers in the office. Cool... Sounds like a challenge.


-------------------
Mitigating factors:

1.) The attack would require that an attacker's machine be within range of the victim's IRDA device, usually within arm's length.

2.) The attack would require that an attacker's machine's IRDA port have either a direct line of sight to the victim's machine, or be able to transmit the IRDA packets through reflection directly to the victim's IRDA port.

3.) To the best of our knowledge, this cannot be used to run malicious code on the user's system.