Full Disclosure mailing list archives

Re: Email

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 05 Feb 2004 16:45:51 +1300

D B <geggam692000 () yahoo com> wrote:

ok ... the click click social engineering vulnerable
operating system everone seems to target... isnt it
file extension based ? .... very explotable ...but
also quite simple to change the extension


Well, depending on the file's "real type" and the mechanism used to try 
to "open" it, not everything under Windows is extension based.  Try 
renaming any OLE2 format "compound document" type to an extension that 
is not registered then double-click it and see what happens.  There are 
also even ways to get "mis-extensioned" PEs to load and execute under 
some falvours of Windows.

why isnt a "defanger" standard on all mail gateways ?


Perhaps because it will not be completely successful...

guess im just not exposed to stupid on a corporate
scale


8-)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Email D B (Feb 04)
- Re: Email Ake Nordin (Feb 04)
  - Re: Email D B (Feb 04)
    - Re: Email Nick FitzGerald (Feb 04)
- Re: Email Valdis . Kletnieks (Feb 04)
- Re: Email Nick FitzGerald (Feb 04)
- <Possible follow-ups>
- RE: Email Jos Osborne (Feb 04)
  - Re: Email Damian Gerow (Feb 04)
    - Re: Email Valdis . Kletnieks (Feb 04)
    - Re: Email madsaxon (Feb 04)
    - Re: Email Vinay Tiwari/MUM/IN/STTL (Feb 04)
    - Re: Email gadgeteer (Feb 04)
- RE: Email Jos Osborne (Feb 04)
  - Re: Email Damian Gerow (Feb 04)

(Thread continues...)