funsec mailing list archives

RE: Re: Image-handling flaws put Windows PCs at risk


From: "Wolfe, James M" <james.m.wolfe () lmco com>
Date: Thu, 10 Nov 2005 09:06:12 -0500

 
Actually, I just wrote a small executable that changed the registry to
open certain file types in Notepad as someone mentioned earlier. It
isn't so much a matter of reading the documentation or even removing
those that you don't want as it is removing crap that you don't need.
I've told Microsoft many times that ANYTIME one of their developers
stands up in a meeting and says "wouldn't it be cool if" they should be
forcibly removed from the premises after being smacked around a bit. :-D

Regards,
James
  
-----Original Message-----
From: James Eaton-Lee [mailto:james.mailing () gmail com] 
Sent: Thursday, November 10, 2005 7:03 AM
To: Barrie Dempster
Cc: Wolfe, James M; funsec () linuxbox org
Subject: RE: [funsec] Re: Image-handling flaws put Windows PCs at risk


As a corollary to this, as well as disabling WFS and removing the file
altogether, it would also have been relatively simple to add an
'everyone deny' permission to this file in order to prevent it from
being used - although I'm not sure quite what this particular file
might break if removed (or ACL'd), I've used this on DLLs in the past
quite successfully where removal of the file hasn't been appropriate
(or where it's been a temporary measure)

Using file permissions would also have let you deploy this via group
policy (or as a security policy, since you seem to prefer NT) to a
large number of machines with ease (Computer Configuration/Windows
Settings/Security Settings/File System in the Group Policy tree) - not
so much a case of "So much for being able to remove features that you
don't want." as "So much for reading the manual". :P

- James.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
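
The "everyone deny" file permission described in the quoted message, sketched as an added PowerShell example for Windows (not code from either poster). The function names and the scratch file are assumptions, because the thread does not name the file being blocked.

```powershell
# Added example. Function names and the scratch file below are hypothetical;
# the thread never names the file it is talking about.

# Build an explicit Deny ACE for Everyone (well-known SID S-1-1-0).
# Only ReadData and ExecuteFile are denied, so ReadPermissions and
# ChangePermissions stay usable and the measure can be reverted later.
function New-EveryoneDenyRule {
    $everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
    $rights   = [System.Security.AccessControl.FileSystemRights]'ReadData, ExecuteFile'
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        $everyone, $rights,
        [System.Security.AccessControl.AccessControlType]::Deny)
}

# Apply the deny ACE. Deny entries are evaluated before allow entries,
# and Everyone also covers administrators and SYSTEM.
function Add-EveryoneDeny([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule((New-EveryoneDenyRule))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Revert the temporary measure by removing the same ACE again.
function Remove-EveryoneDeny([string]$Path) {
    $acl = Get-Acl -LiteralPath $Path
    [void]$acl.RemoveAccessRule((New-EveryoneDenyRule))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Demonstration on a constructed scratch file, not on a system DLL.
$demo = Join-Path $env:TEMP 'deny-acl-demo.txt'
Set-Content -LiteralPath $demo -Value 'constructed sample'

Add-EveryoneDeny $demo
try {
    Get-Content -LiteralPath $demo -ErrorAction Stop
} catch {
    "Read blocked: $($_.Exception.GetType().Name)"
}

Remove-EveryoneDeny $demo
Get-Content -LiteralPath $demo    # confirm the revert
Remove-Item -LiteralPath $demo
```

For many machines, the same ACE would be set through the File System node of Group Policy that the message points to, rather than by running a script on each host.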

