| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rgerhards at hq.adiscon.com (Rainer Gerhards) Subject: [Full-Disc]: Xmas virus on the cards ? > > > I noticed this article at http://www.vnunet.com/News/1151553 and > > > it looks alarming - however did not find any more details. > > > > To me, it sounds like someone has misunderstood the "social > > engineering" of an URL that seems to lead to a picture... > > > > http://www.somedomain.com/picture.jpg > > > > Where "picture.jpg" is in fact a folder, not a file, so, a "normal" > > HTML page is sent to the browser instead. I just did a quick test. This works with executables quite well, too. I used IIS, created a directory test.jpg, placed notepad.exe in it and configured iis to use "notepad.exe" as default page. Interestingly, in IE I not only received a warning but the file was also not executable - I guess a little playing with the IIS mime map could "fix" this. In Opera, I got a decent warning (even showing the correct file name) and when I selected to "open" the file, I executed it. I did not do any specific test, just a 2 minute try. > > > > Aka, nothing to care about or filter at all, except trying to keep > > your browser as safe as possible, to prevent exploits in the > > HTML-page. I am not sure... this sounds indeed like a different quality. The orginal poster told about html emails. I guess there can be done some "fun" with this... Rainer
Powered by blists - more mailing lists