On Mon, 6 Aug 2001, "Clarence Verge" <[EMAIL PROTECTED]> wrote:
> Hi Bastiaan;
> There can never be a problem with a worm disguised as a .gif when
> running Arachne. She does not 'run' the .gif. She runs a part of
> herself which converts the information in the .gif to an image,
> and then she displays that image. Even if there was an .exe hidden
> inside with a normal .gif header, the action she takes is based on
> her own internal programming and can only result in the display of
> an image, or PART of an image, or a red box.
> How even M$ could EXECUTE a file that was a .exe but named .gif
> is mindboggling. Someone in Redmond is incredibly stupid. :(
> It *IS* possible to open a humungous security hole in Arachne if
> you uncomment the lines in mime.cfg for .exe, .com, and .bat.
yes....AND...we all notice that this is NOT the "default" setting
in Arachne......<g g g>
BTW....a net-reporter (I think it was an eWeek reporter) posted
that "it is only a rumor, mind you, I don't want lawyers on me."
that MSloth is deliberately releasing XP to make the virus problem
worse. Then they will aggressively push their MS/TCP as the
web standard, replacing TCP/IP. AND he says he thinks they will
ultimately be successful, because "business and gov" want things
to be really secure...getting tired of fighting off virus attacks.
He also notes that M$zz has so far successfully kept itself from
being blamed in the press/public-opinion. Their PR has been
successful.
What we need to do, is stop passively "allowing" idiots to run
M$zz windows, and go on the aggressive attack to hammer and
yammer that M$zz MUST be removed from the internet, because IT
is the virus...not the minor exploits being slapped together to
exploit it...
......gregy
