Security Basics mailing list archives
Re: Minimal User Interaction with Links
From: PEra <lists () sevenlayers org>
Date: Sun, 16 Aug 2009 22:10:10 +0200
Hello Sandeep Cheema, 51l3n73y3s wrote:
As soon as I click on it, my AV gives me the message about the detection at "%temp%\ NcsWJCau.com.part" and the page also gives me an option to save the file. Doesn't this mean that the file is being stored in the temp directory without user interaction?
From the ".part" in the file name I assume you are unsing Firefox/Mozilla browser. And yes, you are right - Firefox starts downloading right away after you click the link. It downloads to a temporary directory while you are browsing your filesystem with the "save as" dialog.
If you choose to not download the file by closing the "save as" window, the file is deleted. I don't know if it could be a security problem - downloaded files are randomly named and not executed. Mozilla sees it as a feature :)
Best regards, PEra ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Minimal User Interaction with Links 51l3n73y3s (Aug 14)
- Re: Minimal User Interaction with Links Micheal Espinola Jr (Aug 14)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Steven M. Christey (Aug 14)
- Message not available
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Schmidt, Chris (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Schmidt, Chris (Aug 18)
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Vance, Michael (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Bil Corry (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Steven M. Christey (Aug 14)
- Re: Minimal User Interaction with Links Micheal Espinola Jr (Aug 14)