lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: hobbit at avian.org (*Hobbit*)
Subject: A worm...

   if you wanted to deal with zip files you needed to download
   WinZip, PKZip or something similar, but now, thanks to Microsoft, all
   you have to do is double click.

At least it still takes one manual step, from what I'm gathering.
A step which a lot of idiots just casually do anyways, evidently.

But this is a bad trend.  When [not "if"] M$ and friends causes ZIP
contents to be fully auto-execute by default from email messages or
the preview pane, we will have lost one of the last bastions for
people to encapsulate content for each other reasonably safely, that
is still good for the point-n-click desktop crowd.  It'll happen,
sometime, because that's how it always seems to go with them.  Maybe
passworded ZIPs will still be okay, dunno.

The command-line is all but dead, so you aren't going to get your "I
just want it to work" executives understanding the equivalent of
"base64 | rot13" or a return to tar-n-feather or whatever it will
then take to make content available and unfiltered via email.  So
they'll just give up, and we all lose.

Thanks yet again, Unca Bill.

_H*

Powered by blists - more mailing lists