[19980] in bugtraq
Re: Invisible file extensions on Windows
daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Sun Apr 1 13:00:00 2001
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Message-ID: <200104010213.OAA25861@fep3-orange.clear.net.nz>
Date: Sun, 1 Apr 2001 14:13:26 +1300
Reply-To: nick@virus-l.demon.co.uk
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200103302048.MAA18734@dilvish.speed.net>
Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET> wrote:
> > Just to clarify, this is only true when using Windows Explorer.
>
> Are you sure? My understanding when this last came up a year ago was that
> email programs (at least the Outlook variants) also obeyed the setting when
> showing the names of attachments (just as they obeyed the "Hide file
> extensions for known file types" Windows Explorer setting, allowing the
> "iloveyou.txt.vbs" email worm).
Well, your understanding is not supported by any experimental testing
I have done nor any actual testing I have had reported to me.
What has repeatedly been incorrectly reported is the **assumption**
that because Windows Explorer hides extensions and standard common
dialogs associated with file handling also do, **all** dialogs
displaying filenames hide extensions. That is not the case.
Arriving at a better understanding of this is complicated by the fact
that various other parts of the Outlook and Outlook Express interface
that also display the filename of the attachment are length-limited
to what they can display, in some circumstances with names numbering
longer than the low-teens of characters having their ends chopped and
"..." displayed instead and a similar thing happening with names
longer than something in the 40s, 50s or 60s of characters in other
parts of the interface.
> Personally I don't feel safe on a new Windows box until I turn off "Hide file
> extensions for known file types" and then use regedit.exe to find all
> instances of "NeverShowExt" and rename them to "disabled_NeverShowExt".
8-)
Definitely a good start!
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
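
The following is an added example, not part of the original message: a small Python check that reports when an attachment's real (final) extension would not be visible, either in a view that honours the two settings named in the thread ("Hide file extensions for known file types" and NeverShowExt) or in a length-limited field that chops the end of the name and shows "...". The extension sets and the field width are assumptions chosen for illustration; the thread gives no exact widths.

```python
import os

# Assumptions for illustration (not from the thread): a sample of extensions whose
# file class carries NeverShowExt, a sample of registered ("known") types, and the
# extensions treated as directly executable or scriptable.
NEVER_SHOW_EXT = {".lnk", ".pif", ".shs", ".url", ".scf"}
KNOWN_TYPES = NEVER_SHOW_EXT | {".txt", ".vbs", ".exe", ".jpg", ".doc", ".js"}
RISKY = {".vbs", ".exe", ".js", ".pif", ".shs", ".lnk", ".scf"}


def explorer_view(name, hide_known=True):
    """Name as shown by a view that honours the hide-extension settings."""
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    # NeverShowExt hides the extension even when "hide known types" is off.
    if ext in NEVER_SHOW_EXT or (hide_known and ext in KNOWN_TYPES):
        return stem
    return name


def truncated_view(name, width):
    """Name as shown by a length-limited field: end chopped, '...' appended."""
    return name if len(name) <= width else name[:width] + "..."


def audit(name, width, hide_known=True):
    """Return the reasons the final extension of a risky file is not displayed."""
    ext = os.path.splitext(name)[1].lower()
    reasons = []
    if ext not in RISKY:
        return reasons
    if explorer_view(name, hide_known) != name:
        reasons.append("hidden-by-setting")
    if truncated_view(name, width) != name:
        reasons.append("hidden-by-truncation")
    return reasons


if __name__ == "__main__":
    # Constructed sample names; the widths are hypothetical field sizes.
    for sample, width in [("iloveyou.txt.vbs", 12), ("report.pif", 40)]:
        print(sample, "->", explorer_view(sample), "|",
              truncated_view(sample, width), "|", audit(sample, width))
```

Calling `audit` with `hide_known=False` models a machine where only the first of the two changes described in the thread has been made, which is why a NeverShowExt type such as `.pif` is still reported.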