subject: Locking Windows
Hi Bob.
12-Apr-04 03:32:04, Bob Lawrence wrote to Jasen Betts
JB>> It seems the cookie files are engineered so that they don't start
JB>> with "MZ". Anyway, stick a .EXE filename extension on anything and
JB>> the system will try to run it, as a .COM format file (raw binary)
JB>> if it doesn't start with "MZ" but unless something starts
JB>> renaming the files or makes a special effort cookies won't run.
BL> Are you saying it's not possible to send a cookie without the
BL> header (or lack of)? How hard would it be to write a script that
BL> renames the first two bytes of a file?
slightly easier than writing a script that is a virus.
if they can run a script that modifies files on your machine they don't need
to attempt to attack via cookies.
JB>> anywhere???
BL> Aren't they under the control of the sender?
only the data content, the header, filename, and location are under the
control of the browser.
BL> BTW, there is another thing that worries the shit out of me... the
BL> Registry. It's a plain text file, but if you enter stuff in there,
BL> it can make the computer do almost anything.
nope it's a binary file, but yes anything
BL>> I don't think *you* understand, Rod. What is the difference
BL>> between a self extracting ZIP file and an EXE file? From memory,
BL>> six bits in the header. Not a lot of protection... is it?
JB>> a self-extracting zip file is an EXE.
BL> As I said... 6 bits in the header. The only thing that
BL> distinguishes text from an executable is the header.
nope... on windows it's the filename.
this random looking collection of text characters will run if
saved as something.com or something.exe and executed.
 * Origin: As King Arthur said: Some days it all seems so feudal. (3:640/1042)
SOURCE: echomail via fidonet.ozzmosis.com
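The distinction drawn in the message above (the filename decides whether a file is run, the first two bytes only decide how it is loaded) can be turned into a file audit. This is an added example, not part of the original post; the verdict names and the sample files are constructed for illustration.

```python
import os
import tempfile

RUNNABLE_EXTS = {".exe", ".com"}  # the two extensions named in the message

def classify(path):
    """Compare a file's name with its first two bytes."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        has_mz = fh.read(2) == b"MZ"
    if ext in RUNNABLE_EXTS:
        # Name says "program"; the header only selects the load format.
        return "runnable-exe-format" if has_mz else "runnable-raw-com"
    # Name says "data"; an MZ header alone does not make it run,
    # but a rename would, so it is worth flagging.
    return "dormant-mz-header" if has_mz else "data"

def scan(root):
    """Map verdict -> sorted relative paths for every file under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            report.setdefault(classify(full), []).append(rel)
    return {verdict: sorted(paths) for verdict, paths in report.items()}

def build_samples(root):
    """Write constructed sample files (harmless bytes, not real programs)."""
    samples = {
        "setup.exe": b"MZ\x90\x00constructed",
        "note.com": b"plain printable text",
        "cookie.txt": b"MZ-looking cookie data",
        "readme.txt": b"hello",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        for verdict, paths in sorted(scan(tmp).items()):
            print(f"{verdict:22} {', '.join(paths)}")
```

Files reported as `runnable-raw-com` or `dormant-mz-header` are the name/content mismatches worth a second look.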