[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: First vulnerabilities in the SP2 - XP ?...

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: First vulnerabilities in the SP2 - XP ?...
From: Matthew Roberts <webmaster@xxxxxxxxxxxxxxxxx>
Date: 18 Aug 2004 18:31:52 -0000

In-Reply-To: <200408180941.16239.radoslav.dejanovic@xxxxxxxx>


>This basically tells the user to open CMD and then execute the attachment in 
>command line. Now, someone has to be really, really dumb to do that.

People might forget that dragging and dropping to a command prompt actually 
executes the file.

I have 2 words, Batch files.. I did not get prompted when I double clicked a 
batch file containing one line "Malicious program.exe"

Sp2 did not also detect that Viri.zip downloaded from the internet and contains 
an EXE inside it...

I am not trying to create bad press for SP2, I personally think very highly of 
it...

But I do think people will enter the trap "Wel it's gonna alert me if it's not 
safe ain't it?" I think that's the biggest issue here

Follow-Ups:
- RE: First vulnerabilities in the SP2 - XP ?...
  - From: Larry Seltzer

Prev by Date: Re: Posible security bug in phpMyWebhosting
Next by Date: Re: Posible security bug in phpMyWebhosting
Previous by thread: RE: First vulnerabilities in the SP2 - XP ?...
Next by thread: RE: First vulnerabilities in the SP2 - XP ?...
Index(es):
- Date
- Thread