| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E97F0997FB84D42B221B9FB203EFA2707E362@dc1ms2.msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: Microsoft Windows XP SP2 I personally think that Microsoft should turn the "hiding of file types" off by default. We all turn it off and it doesn't help basic users learn file types. They go by the icons and therefore the icon issue is a better security threat. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Michael Young Sent: Thursday, August 19, 2004 2:23 PM To: 1@...ware.com; full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] Microsoft Windows XP SP2 Confirmed icon vulnerability as working on SP1 and SP2. I found that regedit.exe, winhelp.exe, and explorer.exe are also vulnerable and display their corresponding icon. I am unsure as to how useful this is as a vulnerability, but it shouldn't be present none the less. Michael Young IT Consultant Miles Technologies (856)439-0999 -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of http-equiv@...ite.com Sent: Thursday, August 19, 2004 11:35 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Microsoft Windows XP SP2 Let's commence by giving credit where credit is due. The thinking is that the manufacturer of Windows XP has done a splendid job in patching their little operating system with 300 million dollar's worth of fixes. This is not exactly 'pocket change'. But this is: 1. trivial scripting in the local zone 2. notepad icon regardless of file in XP's little zip thing http://www.malware.com/malware.sp2.zip many other 'bits and pieces' to be had but overall a splendid effort on the manufacturer's part [for now]. Not quite sure where all that money went though. End Call -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists