Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: hotmail password request tool (intranet usage)

Re: hotmail password request tool (intranet usage)

From: DA Morgan <damorgan_at_x.washington.edu>
Date: Mon, 18 Apr 2005 15:49:50 -0700
Message-ID: <1113864368.360327@yasure>


Ulrich Hobelmann wrote:

> DA Morgan wrote:
>

>> Here at the University of Washington there have been demonstrations of
>> archive files that autoexecute when opened (not even unpacked) which is
>> more than enough to trigger an attack.

>
>
> What's "opening" an archive file and how does it execute something??

But it does or should I say can. It is not that hard to do but I'm not going to advertise how as we seem to already have more than enough people doing malicious computing without creating more.

>> How serious is the problem? All .zip files are deleted by our mail
>> server. I'll let you be the judge, knowing that, of how you feel about
>> opening and archive that is self-identified as stolen from an internal
>> web site (what does that say about the poster's integrity level) and
>> for which the poster has done his or her best to not reveal what is
>> actually contained.

>
> WHAT? I'd get quite furious if someone just deleted all zips in my
> email! Why not just delete all emails, then you can't get spam anymore!

Get angry if you wish but don't expect to be faculty or student at the University of Washington.

>> Microsoft is now involved. If this person is truly inside the company
>> they may well exit sooner than they planned ... and not through the
>> front door. I've as much use for thieves as for spammers.

>
> I believe it's a virus inside, and no secret MS stuff. So even if there
> is, how can I be guilty for just *looking* inside? Isn't that the same
> as finding top-secret documents on the street and looking at them? I
> didn't sign no NDA. Of course if it's MS code, then distributing it
> would be illegal.

Don't know ... don't care. I handed it off, with full headers, to the proper authorities and they were not amused.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)
Received on Mon Apr 18 2005 - 17:49:50 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US