lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <10598937040714205851fe97ec@mail.gmail.com>
Date: Wed, 14 Jul 2004 23:58:11 -0400
From: "Jordan Cole (stilist)" <stilist@...il.com>
To: nick@...us-l.demon.co.uk
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: RE: Unchecked buffer in mstask.dll


> Why did MS make ".EXE files renamed as .PIF" execute "properly"?  Aside
> from "because we can", I'd not be at all surprised if it was on some
> internal "stupid user tricks we should eliminate support calls for"
> list.

Hm... who really knows why MS does a lot of the things they do? I'd
guess that the reason it works is more because of they way Windows
handles executables or something... considering that .pifs aren't
commonly seen these days, and the fact that most people wouldn't think
to switch the extension. Then again... people can be marvelously
stupid. Don't give the end user any credit of intelligence, and you'll
probably end up about right.

-- 

[stlst]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ