
Re: hotmail password request tool (intranet usage)

From: DA Morgan <damorgan_at_x.washington.edu>
Date: Mon, 18 Apr 2005 12:59:31 -0700
Message-ID: <1113854149.517598@yasure>


Ulrich Hobelmann wrote:

> DA Morgan wrote:
>
>> Let me see if I get this correctly ... you have stolen an internal
>> file from Microsoft and you are distributing it in a usenet group.
>> And you think anyone out here dumb enough to blindly open an archive
>> file not knowing its contents.
>
> What's wrong with unpacking an archive file? I do that every time with
> software distributions. Most of the time they contain a README file,
> but even if they didn't, you are free to look through files, no?
>
> If it says that the archive is *not* for everyone to read (like "this is
> MS property"), then maybe that's a sign you should stop.

Here at the University of Washington there have been demonstrations of archive files that autoexecute when opened (not even unpacked) which is more than enough to trigger an attack.

How serious is the problem? All .zip files are deleted by our mail server. I'll let you be the judge, knowing that, of how you feel about opening an archive that is self-identified as stolen from an internal web site (what does that say about the poster's integrity level) and for which the poster has done his or her best to not reveal what is actually contained.

Microsoft is now involved. If this person is truly inside the company they may well exit sooner than they planned ... and not through the front door. I've as much use for thieves as for spammers.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)
Received on Mon Apr 18 2005 - 14:59:31 CDT
