On Mon, 11 Sep 2006, Kelson wrote: > In fact, if you're retrieving content over the web, the link > doesn't even have to tell you the double extension. The link > could be to a redirect script, or to a download script that > provides a content-disposition header: > > http://server/path/to/evil/but/innocuous/looking/file
Well, yes, the worm/virus author putting the *real* executable extension into the link URI *is* a low-hanging-fruit assumption. -- John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- People seem to have this obsession with objects and tools as being dangerous in and of themselves, as though a weapon will act of its own accord to cause harm. A weapon is just a force multiplier. It's *humans* that are (or are not) dangerous. ----------------------------------------------------------------------- 6 days until The 219th anniversary of the signing of the U.S. Constitution
