echo: aust_avtech
to: Bob Lawrence
from: Jasen Betts
date: 2004-04-19 07:43:48
subject: Locking Windows

Hi Bob.

12-Apr-04 03:32:04, Bob Lawrence wrote to Jasen Betts


 JB>> It seems the cookie files are engineered so that they don't start
 JB>> with "MZ". Anyway stick a .EXE filename extension on anything and
 JB>> the system will try to run it, as a .COM format file (raw binary)
 JB>> if it doesn't start with "MZ" but unless something starts
 JB>> renaming the files or makes a special effort cookies won't run.

 BL> Are you saying it's not possible to send a cookie without the
 BL> header (or lack of)? How hard would it be to write a script that
 BL> renames the first two bytes of a file?

slightly easier than writing a script that is a virus.
if they can run a script that modifies files on your machine they don't need
to attempt to attack via cookies.

 JB>> anywhere???

 BL> Aren't they under the control of the sender?

only the data content, the header, filename, and location are under the
control of the browser.

 BL> BTW, there is another thing that worries the shit out of me... the
 BL> Registry. It's a plain text file, but if you enter stuff in there,
 BL> it can make the computer do almost anything.

nope it's a binary file, but yes anything

 BL>> I don't think *you* understand, Rod. What is the difference
 BL>> between a self extracting ZIP file and an EXE file? From memory,
 BL>> six bits in the header. Not a lot of protection... is it?

 JB>> a self-extracting zip file is an EXE.

 BL> As I said... 6 bits in the header. The only thing that
 BL> distinguishes text from an executable is the header.

nope...  on windows it's the filename.

this random looking collection of text characters will run if
saved as something.com or something.exe and executed.




 -=> Bye <=-

---
* Origin: As King Arthur said: Some days it all seems so feudal. (3:640/1042)

SOURCE: echomail via fidonet.ozzmosis.com
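
The point made in the message above (the filename extension decides whether a file gets run, and the "MZ" bytes only select the format) can be turned into a defender's check that compares each file's name with its leading bytes. This is an added example, not part of the original message; the function names, labels and sample files are constructed for illustration.

```python
import os
import tempfile

RUNNABLE_EXTS = {".exe", ".com"}  # the two extensions named in the message

def classify(name, head):
    """Compare what the filename claims with what the leading bytes show."""
    ext = os.path.splitext(name)[1].lower()
    has_mz = head[:2] == b"MZ"
    # Printable ASCII plus TAB/LF/CR: content that would pass as plain text.
    looks_text = bool(head) and all(32 <= b < 127 or b in (9, 10, 13) for b in head)
    if ext in RUNNABLE_EXTS:
        if has_mz:
            return "exe-format"
        return "runnable-name-text-body" if looks_text else "runnable-name-raw-binary"
    return "mz-header-under-other-name" if has_mz else "not-runnable-by-name"

def scan(directory, peek=512):
    """Return {filename: label} for every regular file in directory."""
    results = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                results[entry.name] = classify(entry.name, fh.read(peek))
    return results

def demo():
    """Write constructed sample files to a temp directory and scan them."""
    samples = {
        "setup.exe": b"MZ" + bytes(62),               # constructed header only
        "note.com": b"ONLY PRINTABLE TEXT HERE\r\n",  # text body, runnable name
        "blob.com": bytes([1, 2, 254, 255]),          # constructed filler bytes
        "cookie.txt": b"session=constructed-value\n",
        "photo.jpg": b"MZ" + bytes(62),               # header and name disagree
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:12} {label}")
```

The two labels worth reviewing in a real scan are `runnable-name-text-body` (a file that reads as text but carries a runnable name) and `mz-header-under-other-name` (an MZ header sitting under a harmless-looking extension).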
