Re: Hey old people

[Blue Boar <BlueBoar () thievco com>]

Drsolly wrote:
> My favourite is the one whereby an IBM PC tries to boot from a floppy disk 
> by loading and executing the boot sector, even if your normal bootup is 
> from the hard disk. That was introduced with the IBM XT, (1983, I think) 
> and first exploited in 1986.

:)

In the sense that the XT was the first model available for sale with a 
HD, yes.  You could retrofit the 5150B with a HD, though.  That model 
would have been 81 still, or maybe 82.  I don't know if you could have 
bought a HD for it then.

> But for a really old vulnerability you want the one whereby is you have an 
> EXE file, and put a COM file in the same directory, then the COM file gets 
> executed in preference to the EXE file when you type the filename without 
> extension. That existed in 1981, although it wasn't realised that it was a 
> vulnerability until the 1990s

I was going to point out .exes being introduced with DOS 2.0, but Larry 
beat me to it.

That's the spirit though, Solly.  It doesn't say so on the page, but 
we're thinking to qualify, the OS would have to me multi-user (or 
multi-processing might be sufficient, depending...) and that there would 
have to be a hardware-supported supervisor mode.  I don't think DOS 
would qualify.

Besides, I've got one submitted from 1972. ;)

                                                BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.