On 1/19/06, redsand <[EMAIL PROTECTED]> wrote: > > > i think the author of this advisory is desperate for advisories or > attention.
Well maybe the guy was just misled because Microsoft led him to believe it was something exciting? Either way it seems like anyone could open a project file in notepad and insert/modify anything they want in there. I mean its not like we've ever been able to trust projects or Makefiles/configures anyways. > > either way he needs to open a disassembler and work on something else. > -sb > Pavel Kankovsky wrote: > > >On Tue, 17 Jan 2006, Morning Wood wrote: > > > > > > > >>extract, and open hello.dsw > >>click "batch build, build" or "rebuild all" > >>code will execute ( calc.exe and notepad.exe used as an example ) > >> > >> > > > >What's the point of building a bunch of sources unless > >1. you trust their author, or > >2. you have made sure their is nothing malicious there? > > > >When you build an executable from untrusted sources, you get an untrusted > >executable. Either you run it and you're screwed anyway, or you don't run > >it and you wasted your time building it. > > > >(Indeed, there are some marginal cases like when you want to build an > >executable file intended to run on someone else's computer...) > > > >--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] > >"Resistance is futile. Open your source code and prepare for assimilation." > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
