[14959] in bugtraq
Re: Fwd: [nohack] Yet another way to disguise files.
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri May 19 18:23:42 2000
Message-Id: <200005182059.NAA50096@dilvish.speed.net>
Date: Thu, 18 May 2000 13:59:18 -0700
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Ron DuFresne <dufresne@WINTERNET.COM> of "Tue, 16
May 2000 18:10:28 CDT."
<Pine.GSO.4.05.10005161810010.7654-100000@tundra.winternet.com>
Ron DuFresne <dufresne@WINTERNET.COM> writes:
> Has anyone verified if this is also the case on NT boxen?
Yes -- I did my testing on NT 4.0 Service Pack 5.
One thing I've discovered since I made the NeverShowExt -> AlwaysShowExt
changes mentioned by the original author is that all shortcuts now have .lnk
on the ends of their names. Kind of annoying (wish NTFS was a real file
system that allowed links without this "hide the file extension" hack).
It would be tempting to change .lnk back to NeverShowExt, but since
shortcuts can include parameters to a pointed-to executable, what's to stop
a malicious person from emailing a file called neatinfo.txt.lnk that's a
link to something like "C:\dos\format.exe C:"? I'm sure there are scarier
examples as well, not requiring the user to have DOS installed or to have to
approve the destructive action.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
