
Re: [LUG] virus warning - an opportunity for free ./ oss

 

John Botwright wrote:

IIRC, windows won't pretend it's a jpg file either.

As the WMF vulnerability shows, some parts of Windows trust file extensions, some parts don't. I don't think this is any different from any other sufficiently complicated system with many people involved. I wouldn't claim any other OS was 100% safe from confusion between name and content. (Note the web delivers content, and its type, and still MS Windows will look inside sometimes).

It should show the
*executable* file icon because it has the ".exe" suffix on a file named
"foo.jpg". If it showed an *image* icon next to a file called foo.jpg.bar
then that would be a bona-fide design flaw to talk about. Can anyone dispute
or confirm this please?

There are several issues around this.

First some Microsoft mail clients were plain confusing in presenting this to the user, allowing simple exploitation. But that was over 3 years ago.

So precisely the design flaw you claim wasn't there :(

http://www.theregister.co.uk/2003/02/01/trojan_writers_exploit_outlook_express/

The trick continues because:

By embedding lots of spaces you can persuade several interfaces to hide the true extension.

The file viewer will hide extensions, making ".jpg" look like a real extension.

Some people run old code.

The .jpg.exe trick is just a social engineering trick to make you
misread what the attachment actually is.

I think this is largely true now, on well patched systems. But it certainly wasn't always true.

The principal reason is that if you send a .pif, .scr, .exe, .bat etc. to a Windows user, when they "open" the attachment it doesn't open in a text viewer, it EXECUTES.

This is what should happen because we usually want our client to perform
the immediately obvious action for random files .foo, .bar and .baz

This is true of everything but arbitrary executables. You really should handle code which can do arbitrary things to your system differently.

All untrusted data represents a risk, because the code we handle most of it with is not 100% solid, but code that can do arbitrary things is by definition more of a risk.

but it makes my point that you cannot
label design features as "Lunacy" when they are doing exactly what they
are supposed to.

Yes you can, if I release a car with brakes designed to fail if you don't service it every 10,000 miles, that would be lunacy if it worked as designed. Running arbitrary ActiveX controls just because they were signed was a similar lunacy. Starting your networking before your firewall, similar lunacy....

Sorry for the rant. I have to work with windows XP and having features
taken away in the name of "security" is starting to make me a little
unhinged.

Alas, Microsoft's "new approach" to security seems to be: if it is hard to secure, either disable it, or put up a pointless click-through warning (presumably so they can disclaim liability).

Afraid retrofitting security is a flawed approach; seen it over at least two previous generations of computing technology. Of course Microsoft isn't really retrofitting security in NT, but they have piled onto NT such a huge amount of backward compatibility it ends up being the same sort of problem.

I suspect Linux and Access Control Lists will be just as much fun, and I suspect SELinux will prove troublesome for similar reasons. Just no one likes to contemplate the effort in starting again.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
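
A mail-gateway style check for the tricks discussed in this message (a decoy extension in front of an executable one, whitespace padding that hides the true extension, and a name that disagrees with the content), as an added example that is not part of the original post. The decoy list, the padding threshold and the function names are assumptions; the executable extensions are the ones named in the thread.

```python
import re

# Extensions the thread names as executing on "open"; extend per local policy.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".bat"}
# Extensions a reader takes for harmless data (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}
# Well-known leading bytes, used to identify content regardless of name.
MAGIC = {b"MZ": "exe", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}
# Assumed threshold: 3+ whitespace characters counts as padding.
PADDING = re.compile(r"\s{3,}")

def split_exts(name):
    """Return lower-cased extensions in order, ignoring padding whitespace."""
    parts = [p.strip().lower() for p in name.split(".")]
    return ["." + p for p in parts[1:] if p]

def sniff(data):
    """Identify content by its leading bytes, independent of the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def check_attachment(name, data=b""):
    """Return the reasons (possibly none) this attachment looks deceptive."""
    reasons = []
    exts = split_exts(name)
    final = exts[-1] if exts else ""
    if final in EXECUTABLE_EXTS:
        if any(e in DECOY_EXTS for e in exts[:-1]):
            reasons.append("decoy-extension-before-executable")
        if PADDING.search(name):
            reasons.append("whitespace-padding-before-executable")
    # Name says data, content says program: name and content disagree.
    if sniff(data) == "exe" and final not in EXECUTABLE_EXTS:
        reasons.append("executable-content-under-data-name")
    return reasons

# Constructed sample attachments (not taken from any real message).
SAMPLES = [
    ("holiday.jpg.exe", b"MZ\x90\x00"),
    ("invoice.txt" + " " * 40 + ".scr", b"MZ\x90\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0"),
    ("photo.jpg", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(repr(name), check_attachment(name, data))
```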