lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <28915501A44DBA4587FE1019D675F98307C70A@grfint.intern.adiscon.com>
From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: 9/11 virus

actually, as an advise to microsoft, it may be a good idea to not follow
the doubleclick paradigm if 

a) it is any kind of executable

AND

b) it has two dots in it

The later could also specifically look at .jpg.exe and such. We filter
many of these constructs at the gateway level. It's easy and it works.
The only thing is that you must always catch up with those 20+ year old
file extensions that turn out to be executable... A complete list from
Microsoft would be very helpful. A partial list compiled by us is here
(a German page, but I bet you get the idea ;))

<http://www.exchange-antivirus.de/Support/Empfehlung-zu-sperrende-Dateie
rweiterungen.asp>

And, yes, this is an ugly long URL and it will most probably be broken
by your mail client. So be sure to reassmble it before entering it into
the browser ;)

Rainer

> -----Original Message-----
> From: vogt@...senet.com [mailto:vogt@...senet.com] 
> Sent: Thursday, September 11, 2003 2:42 PM
> To: full-disclosure@...ts.netsys.com
> Subject: AW: [Full-Disclosure] 9/11 virus
> 
> 
> > Add the inevitable batch of new 9/11 viruses to the heap of 
> > avoidable-but-commonplace user-dependent vulnerabilities.
> 
> It ain't a user-dependent vulnerability. It exploits 
> shortcomings in the
> interface. It exploits the fact that what the machine does is 
> not what the
> user wants or expects it to do.
> 
> User: 
> "I want to see this picture."
> 
> Machine: 
> Ok...
> ...oh, it isn't a picture, it's an executable...
> ...so, let's execute it.
> 
> The user never wanted to execute a file, he wanted to see a 
> picture. It's a
> miscommunication issue, not stupidity of users. A better 
> interface would
> prevent it. For example, imagine for one second that there 
> were no implicit
> actions, i.e. there is no "doubleclick and the right thing 
> will happen", but
> you always have to state WHAT you want to do.(*)
> 
> It's not a user issue. Users aren't stupid, they just have a 
> limited need to
> know. You'd be shouting at your car mechanic if he told you 
> that it's your
> fault that the car burst into flames because that's just what 
> it does when
> you open the trunk while the headlights are on and the gear 
> is in reverse.
> 
> But hey, it's not like we haven't known this ever since the 
> first Outlook
> worm, and it could've been solved for years.
> 
> 
> Tom Vogt
> 
> 
> (*) And don't tell me users wouldn't accept that. Every other 
> electronic
> device works that way. You don't press POWER on your TV and 
> expect it to
> know which channel you want.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ