Full Disclosure mailing list archives
Re: A worm...
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 26 Jun 2003 10:25:56 -0700
i realy do not see this scenario being any more effective... ----- Original Message ----- From: "Schmehl, Paul L" <pauls () utdallas edu> To: "Richard M. Smith" <rms () computerbytesman com>; <full-disclosure () lists netsys com> Sent: Thursday, June 26, 2003 7:53 AM Subject: RE: [Full-disclosure] A worm...
Unfortunately, Microsoft is now including an unzipper program in
their
OS (XP), so it's much easier for a lay user to make a mistake. It
used
to be that if you wanted to deal with zip files you needed to
download
WinZip, PKZip or something similar, but now, thanks to Microsoft,
all
you have to do is double click. Mind you, it will *still* prompt you for a location to put the
archived
files and you *still* have to go get those files and double click on them to run them. It's just a bit easier for the novice to get to
them
now. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/-----Original Message----- From: Richard M. Smith [mailto:rms () computerbytesman com] Sent: Thursday, June 26, 2003 7:44 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] A worm... Hi Peter, Thanks for the background info. Because of the password issue, any security protections for .ZIP files need to be built into a unzipper program. As a minimum, Microsoft needs to put a warning dialog in the Windows unzipper when double-clicking on an executable file in a .ZIP file that comes attached to an email message. Better yet, don't allow .ZIP files to be opened from an email message. Force people to save them first. Netscape had this second basic protection scheme in Communicator years ago._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: A worm..., (continued)
- Re: A worm... Roy S. Rapoport (Jun 26)
- Re: A worm... morning_wood (Jun 26)
- SV: A worm... Peter Kruse (Jun 26)
- Re: A worm... ATD (Jun 26)
- RE: A worm... *Hobbit* (Jun 25)
- RE: A worm... ATD (Jun 26)
- RE: A worm... M. Osten (Jun 26)
- Re: A worm... Brett Hutley (Jun 26)
- RE: A worm... Nick FitzGerald (Jun 26)
- RE: A worm... ATD (Jun 26)
- Re: A worm... morning_wood (Jun 26)
- RE: A worm... ATD (Jun 26)