North American Network Operators Group


[no subject]

  • From: Dave Temkin
  • Date: Wed Jan 28 14:50:15 2004

On Wednesday 28 January 2004 08:37, Dave Temkin wrote:
>> So?  Had the virii been an application compiled for RedHat and
>> everyone ran RedHat instead of Windows and they downloaded it using
>> Evolution and double clicked on it, it would suddenly be RH's fault
>> instead of Microsoft's?

>If RedHat, by default, had you running as root rather than an unprivileged
>user, it sure would be.
>
>Most Windows boxes are running with administrative privileges.  That
>makes Windows a willing accomplice.  The issue isn't that people click on
>attachments, but that there are no built in safeguards from what happens
>next.
>
>--
>Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
>Cry havoc, and let slip the dogs of war!
>Email acceptance policy: http://paradigm-omega.com/email_policy.php


You're the second person to say that and it's still wrong.  The virii,
once resident, opens a connection to port 25 on an open SMTP server,
whether it be the user's ISP relay or local server.  Sure, it can't
install itself into /etc/init.d, but it sure can launch itself bg instead
of fg and be running until the user either kills it or reboots the box.

Also, for reference to other people - the preview pane does *not* allow
the execution of attachments unless they're double-clicked on and
acknowledged.  Again - we're not talking about another OS or Outlook
exploit, only a stupid user exploit.


-- 
David Temkin