Open Source and information security mailing list archives
From: nick at (Nick FitzGerald)
Subject: Email

D B <> wrote:

> ok ... the click click social engineering vulnerable
> operating system everyone seems to target... isn't it
> file extension based ? .... very exploitable ...but
> also quite simple to change the extension 

Well, depending on the file's "real type" and the mechanism used to try 
to "open" it, not everything under Windows is extension based.  Try 
renaming any OLE2 format "compound document" type to an extension that 
is not registered then double-click it and see what happens.  There are 
also even ways to get "mis-extensioned" PEs to load and execute under 
some flavours of Windows.

> why isn't a "defanger" standard on all mail gateways ?

Perhaps because it will not be completely successful...

> guess I'm just not exposed to stupid on a corporate
> scale



Nick FitzGerald
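
An added example, not part of the original message: a gateway-side check that classifies an attachment by its header bytes (OLE2 compound document or PE) and flags it when the extension does not match, which is the case an extension-only filter misses. The extension lists, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound file header signature

# Assumed extension lists for this example, not an exhaustive policy.
OLE2_EXTS = {"doc", "xls", "ppt", "msi", "msg"}
PE_EXTS = {"exe", "dll", "scr", "sys", "ocx", "cpl"}


def sniff(data: bytes) -> str:
    """Classify content by header bytes: 'ole2', 'pe' or 'unknown'."""
    if data[:8] == OLE2_MAGIC:
        return "ole2"
    # PE: 'MZ' DOS header, e_lfanew at offset 0x3C points to 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "pe"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch' or 'unknown' for one attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    if kind == "unknown":
        return "unknown"
    expected = OLE2_EXTS if kind == "ole2" else PE_EXTS
    return "ok" if ext in expected else "mismatch"


def make_pe_stub() -> bytes:
    """Constructed sample: minimal bytes carrying only the PE signatures."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)


if __name__ == "__main__":
    samples = [  # constructed inputs, not real files
        ("report.doc", OLE2_MAGIC + bytes(504)),
        ("notes.xyz", OLE2_MAGIC + bytes(504)),
        ("photo.jpg", make_pe_stub()),
        ("readme.txt", b"plain text"),
    ]
    for name, data in samples:
        print(f"{name}: {check_attachment(name, data)}")
```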
