[PLUG] Shatter Attacks - How to break Windows
Anthony Schlemmer
aschlemm at attbi.com
Wed Aug 7 19:18:01 UTC 2002
Hasn't Microsoft provided some security patches for this behavior in
OutLook? I recall my wife having a difficult time when one of her
classmates emailed her a program and OutLook seemed to put the
attachment in the bit bucket. We ended up using my email address and I
saved the executable attachment from KMail instead. I don't know what
OutLook is doing but there are times when you might need the ability to
receive an executable attachment and don't want your email client to
bit bucket the the thing.
I haven't really looked at OutLook to see if I can turn this behavior
off or not. At least with Linux I can save off the file on our
fileserver and then I can then virus scan the file with Norton
Anti-Virus before allowing anyone else to access the file.
Tony
On Wednesday 07 August 2002 05:09 am, J Henshaw wrote:
> ----- Original Message -----
> From: "E. Rogan Creswick" <creswick at cs.orst.edu>
> To: <plug at lists.pdxlinux.org>
> Sent: Wednesday, August 07, 2002 6:54 PM
> Subject: Re: [PLUG] Shatter Attacks - How to break Windows
>
> > I agree with Richard. Anything Outlook runs would have the ability
> > to exploit these bugs (since attachments are run by the user
> > locally), and in my book that is nearly as bad as a remote exploit.
> >
> > -Rogan
>
> It IS a remote exploit, and it's actually worse than the kind you
> are contrasting it with; because everyone opens their email, with a
> false sense of security.
>
> This makes any machine vulnerable, not only those running a service
> and connected 24/7...
>
> Limitless possibilities.
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
--
Anthony Schlemmer
aschlemm at attbi.com
More information about the PLUG
mailing list