TIP: Click on subject to list as thread! ANSI
echo: nthelp
to: Glenn Meadows
from: Rich
date: 2004-08-20 12:22:58
subject: Re: XPSP2 is barely out, and first exploit claimed again

From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0CBC_01C486B0.6DD68D40
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   If someone had such an exploit than it would be a problem.  What the =
folks here did not do, especially when ego is an issue, is claim that =
there is no problem and they don't have one but maybe someday they might =
if they find a real problem.

Rich

  "Glenn Meadows"  wrote in message =
news:41261d8b$1{at}w3.nls.net...
  Yea, I noticed/realized that, but you know users, can't live with =
them, can't live with them.....Eventually, someone might write an = exploit
that uses this on a single click of the image...those people = that try to
do this stuff are very inventive in ways to get users to do = stupid stuff,
for sure.

  --=20
  Glenn M.


    "Rich"  wrote in message news:41261593$1{at}w3.nls.net...
       This requires the user to explicitly drag and drop a broken image =
to somewhere.  Once you start with scenarios which require the user to = do
stuff like this you can imagine all sorts of things.  That the image = is
broken makes it worse.

    Rich

      "Glenn Meadows"  wrote in message =
news:41260c9c{at}w3.nls.net...
      May not be new, but just discovered/posted.

      http://www.theregister.co.uk/2004/08/20/sp2_scripting_vuln/

      --=20
      Glenn M.



------=_NextPart_000_0CBC_01C486B0.6DD68D40
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   If
someone had such an =
exploit than it=20
would be a problem.  What the folks here did not do, especially =
when ego is=20
an issue, is claim that there is no problem and they don't have one but = maybe=20
someday they might if they find a real problem.
 
Rich
 
"Glenn Meadows" <gmeadow{at}comcast.net>">mailto:gmeadow{at}comcast.net">gmeadow{at}comcast.net> wrote = in message=20 news:41261d8b$1{at}w3.nls.net... Yea, I noticed/realized that, but you know users, can't live with = them,=20 can't live with them.....Eventually, someone might write an exploit = that uses=20 this on a single click of the image...those people that try to do this = stuff=20 are very inventive in ways to get users to do stupid stuff, for = sure. -- Glenn M.
"Rich" <{at}> wrote in message news:41261593$1{at}w3.nls.net... This requires the user = to=20 explicitly drag and drop a broken image to somewhere. Once you = start=20 with scenarios which require the user to do stuff like this you can = imagine=20 all sorts of things. That the image is broken makes it=20 worse. Rich "Glenn Meadows" <gmeadow{at}comcast.net>">mailto:gmeadow{at}comcast.net">gmeadow{at}comcast.net> = wrote in=20 message news:41260c9c{at}w3.nls.net...Ma= y=20 not be new, but just discovered/posted.http=">http://www.theregister.co.uk/2004/08/20/sp2_scripting_vuln/">http= ://www.theregister.co.uk/2004/08/20/sp2_scripting_vuln/--=20 Glenn = M. ------=_NextPart_000_0CBC_01C486B0.6DD68D40-- --- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 396/45 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.