Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F6042E@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: A worm...

Unfortunately, Microsoft is now including an unzipper program in their
OS (XP), so it's much easier for a lay user to make a mistake.  It used
to be that if you wanted to deal with zip files you needed to download
WinZip, PKZip or something similar, but now, thanks to Microsoft, all
you have to do is double click.

Mind you, it will *still* prompt you for a location to put the archived
files and you *still* have to go get those files and double click on
them to run them.  It's just a bit easier for the novice to get to them
now.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

> -----Original Message-----
> From: Richard M. Smith [mailto:rms@...puterbytesman.com] 
> Sent: Thursday, June 26, 2003 7:44 AM
> To: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] A worm...
> 
> 
> Hi Peter,
> 
> Thanks for the background info.  Because of the password 
> issue, any security protections for .ZIP files need to be 
> built into a unzipper program.  As a minimum, Microsoft needs 
> to put a warning dialog in the Windows unzipper when 
> double-clicking on an executable file in a .ZIP file that 
> comes attached to an email message.  Better yet, don't allow 
> .ZIP files to be opened from an email message.  Force people 
> to save them first.  Netscape had this second basic 
> protection scheme in Communicator years ago.
