Re: hotmail password request tool (intranet usage)

DA Morgan wrote:
> Here at the University of Washington there have been demonstrations of
> archive files that autoexecute when opened (not even unpacked) which is
> more than enough to trigger an attack.

What's "opening" an archive file and how does it execute something?? An archive is a container format, and as such, passive data. Your can look at the contents, or extract the files within. If your look-at-archive program executes random stuff, it's horribly broken.

> How serious is the problem? All .zip files are deleted by our mail
> server. I'll let you be the judge, knowing that, of how you feel about
> opening and archive that is self-identified as stolen from an internal
> web site (what does that say about the poster's integrity level) and
> for which the poster has done his or her best to not reveal what is
> actually contained.

WHAT? I'd get quite furious if someone just deleted all zips in my email! Why not just delete all emails, then you can't get spam anymore!

> Microsoft is now involved. If this person is truly inside the company
> they may well exit sooner than they planned ... and not through the
> front door. I've as much use for thieves as for spammers.

I believe it's a virus inside, and no secret MS stuff. So even if there is, how can I be guilty for just *looking* inside? Isn't that the same as finding top-secret documents on the street and looking at them? I didn't sign no NDA. Of course if it's MS code, then distributing it would be illegal.

-- 
No man is good enough to govern another man without that other's 
consent. -- Abraham Lincoln