From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_00E6_01C5B963.47802B10
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   Just to make this clear.  You are not changing your complicated =
scenario from one where adobe pdf javascript can run an arbitrary EXE to =
one where it can run only tftp plus whatever exe you use tftp to =
download.  Wow.  Can you make this even more silly and still keep a =
straight face?

Rich

  "Geo"  wrote in message
news:4328dbce$1{at}w3.nls.net...
  tftp.exe is not arbitrary, it's a known executable in a known =
location. If
  Windows installed in a arbitrary directory (ie if it picked a random =
string
  for the directory name during install) this would not be the case and =
so it
  would make hacking via this technique a whole lot tougher. Encrypting =
the
  registry entry data for the firewall, even if it's only complicated
  obfuscation can make it a whole lot tougher as well.

  Windows doesn't need to be hackproof, it just needs to be a nightmare =
to
  hack, once it's not any fun to hack the hackers will move to something =
else.
  But if you make it easy, well then the path of least resistance..

  Geo.

  "Rich"  wrote in message news:4328c2cf{at}w3.nls.net...
     If you have code running that can run an arbitrary EXE like tftp =
than you
  already own the machine.  You are trying to contrive something =
complicated
  only to try and show that your complicated scenario is a sham.

  Rich




------=_NextPart_000_00E6_01C5B963.47802B10
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   Just to make this =
clear.  You are=20
not changing your complicated scenario from one where adobe pdf = javascript can=20
run an arbitrary EXE to one where it can run only tftp plus whatever exe = you use=20
tftp to download.  Wow.  Can you make this even more
silly and = still=20
keep a straight face?
 
Rich
 

  "Geo" <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net>
wrote=20
  in message news:4328dbce$1{at}w3.nls.net...tftp.exe=20
  is not arbitrary, it's a known executable in a known location. =
IfWindows=20
  installed in a arbitrary directory (ie if it picked a random =
stringfor the=20
  directory name during install) this would not be the case and so =
itwould=20
  make hacking via this technique a whole lot tougher. Encrypting=20
  theregistry entry data for the firewall, even if it's only=20
  complicatedobfuscation can make it a whole lot tougher as=20
  well.Windows doesn't need to be hackproof, it just
needs to be =
a=20
  nightmare tohack, once it's not any fun to hack the hackers will =
move to=20
  something else.But if you make it easy, well then the path of =
least=20
  resistance..Geo."Rich"
<{at}> wrote in message news:4328c2cf{at}w3.nls.net...&nbs=
p; =20
  If you have code running that can run an arbitrary EXE like tftp than=20
  youalready own the machine.  You are trying to contrive =
something=20
  complicatedonly to try and show that your complicated scenario is =
a=20
 
sham.Rich

------=_NextPart_000_00E6_01C5B963.47802B10--

--- BBBS/NT v4.01 Flag-5