From: "Rod Gasson" 
Reply-To: Fidonet AVtech Echo 

From: "Bob Lawrence" 
Newsgroups: fido.aust_avtech
To: 
Sent: Sunday, April 18, 2004 10:23 PM
Subject: Locking Windows


> RG> browser you are using). It's not as though the sender of a
> RG> cookie can tell it to save anywhere else other than the
> RG> designated cookie folder.
>
>  How many in your folder, Rod?

Fucked if I know or care.

> A thousand?

Probably more.

> Which one is the trojan?

It doesn't matter or bother me if they are ALL trojans.
I'M not going to attempt to run any of them, and NO ONE ELSE CAN!!!

> The *one* person who knows (besides God) is the guy who sent it. That
> worries me.

Doesn't bother me and more than the several dozen viruses sitting in my
wewbcache bother me.
They are totally harmless unless someone tries to run them, and I am the
ONLY person that can do that in spite of what YOU would like to believe.

> > To me, it seems rather simple to write a false "cookie" that runs
> > automatically.
>
> RG> If it were that simple, don't you think there'd be hundreds of
> RG> virus's already out there taking advantage of what you percieve
> RG> to be a major secruity risk?
>
>  What's this "major?" I consider it a source of concern.

OK you pedantic prick, have it your way.  If it were that simple don't you
think there'd be hundreds of viruses already out there taking advantage of
the MINOR security risk?

>  It seems to me, that if I sent you a cookie that was actually an
> executable named wrongly, you'd never find it.

No, I probably wouldn't, because I wouldn't be looking for it, and I know
that EVEN IF THE COOKIE WERE AN EXECUTABLE it would be HARMLESS unless *I*
run it. No one else can!

> It also seems to me
> that if I am able to *name* the cookie on you machine that I might be
> able to re-name it and then by opening it, Windows would run it, but
> I can get at it in other ways. I can send you a "harmless" readme.doc
> that WORD woudl open with an Autoexec macro that opened the "cookie."



You just don't get it bob.

Look, I'll make this easy for you.
I've just placed a copy of the MIMMAIL virus in my cookie folder.
I've given it a nice easy name called "virus.exe".   If I
doublclick, or run
this file by any means I *will* be infected..
The challenge is for YOU to execute this file for me.

If it is going to make it any easier for you I will gladly rename and/or
place this file *anywhere* on my hard drive that YOU specify.

Unless you CAN do this, you are obviously speaking out of your arse.

>  The fact that no one has done it yet doesn't faze me.

DO it.  Prove the point.  I'll do EVERYTHING you ask of me to make this as
easy as possible for you. (anything except running the virus program
myself).

If you don't like my choice of virus - send me one of your choosing. Tell me
where to put it and what to call it. I'll happily comply, knowing that there
is NO WAY for YOU to run ANY program on my machine.

> > Any self-loading program is susceptible.
>
> RG> Yes it is, and that's why the smart people simply disable this
> RG> capability. I always thought you were smart.
>
>  I *am* smart,

I used to think so, but I think you are slowly loosing your marbles, at
least in regards to the topic at hand.

> and what you think about it is of no consequence. I do
> you the courtesy of not talking down to you, I expect you to do the
> same for me.

Sorry, I don't/didn't mean to talk down to you, but unless you are simply
shit stirring, many of the things you have stated in this thread are things
that I'd expect to hear coming from someone that doesn't have a clue as to
how a computer works.

Example, you have made several mentions that the difference between a
regular zip file and a self extracting zip file is a matter of half a dozen
bits in the header, and that these half a dozen bits "don't offer much in
the way of protection".  This is the way computer illiterate people think -
They tend to assume that if 99.999% of any given program is intact then the
program will actually run 99.999& of the time.  We both know that in reality
it only takes ONE corrupt bit to make even the best written program to fall
over in a screaming heap.

It sure would be nice if I could write a program containing errors in 10% of
the code and expect it to work 90% of the time :-)

Anyway, that said, I've laid down the challenge - there is a virus
executable (called virus.exe) currently residing in my cookie folder. I want
you to run it for me, and if you can't, please let me know what I need to do
to make it even easier for you.  I simply want to prove a point that NO ONE
can run ANY file on my system without my consent!

Rgds
Rod





















--- ifmail v.2.15