Full Disclosure mailing list archives

RE: 9/11 virus


From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 11 Sep 2003 15:39:53 +0200

Actually, as advice to Microsoft, it may be a good idea to not follow
the doubleclick paradigm if

a) it is any kind of executable

AND

b) it has two dots in it

The latter could also specifically look at .jpg.exe and such. We filter
many of these constructs at the gateway level. It's easy and it works.
The only thing is that you must always catch up with those 20+ year old
file extensions that turn out to be executable... A complete list from
Microsoft would be very helpful. A partial list compiled by us is here
(a German page, but I bet you get the idea ;))

<http://www.exchange-antivirus.de/Support/Empfehlung-zu-sperrende-Dateierweiterungen.asp>

And, yes, this is an ugly long URL and it will most probably be broken
by your mail client. So be sure to reassemble it before entering it into
the browser ;)

Rainer

-----Original Message-----
From: vogt () hansenet com [mailto:vogt () hansenet com] 
Sent: Thursday, September 11, 2003 2:42 PM
To: full-disclosure () lists netsys com
Subject: AW: [Full-disclosure] 9/11 virus


Add the inevitable batch of new 9/11 viruses to the heap of 
avoidable-but-commonplace user-dependent vulnerabilities.

It ain't a user-dependent vulnerability. It exploits shortcomings in the
interface. It exploits the fact that what the machine does is not what the
user wants or expects it to do.

User: 
"I want to see this picture."

Machine: 
Ok...
...oh, it isn't a picture, it's an executable...
...so, let's execute it.

The user never wanted to execute a file, he wanted to see a picture. It's a
miscommunication issue, not stupidity of users. A better interface would
prevent it. For example, imagine for one second that there were no implicit
actions, i.e. there is no "doubleclick and the right thing will happen", but
you always have to state WHAT you want to do.(*)

It's not a user issue. Users aren't stupid, they just have a limited need to
know. You'd be shouting at your car mechanic if he told you that it's your
fault that the car burst into flames because that's just what it does when
you open the trunk while the headlights are on and the gear is in reverse.

But hey, it's not like we haven't known this ever since the first Outlook
worm, and it could've been solved for years.


Tom Vogt


(*) And don't tell me users wouldn't accept that. Every other electronic
device works that way. You don't press POWER on your TV and expect it to
know which channel you want.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
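
The gateway-level check described in the reply above (an executable extension AND more than one dot in the name), sketched as an added example that is not part of either message. The extension set is a small illustrative sample, not the list from the linked page, and the sample message is constructed.

```python
from email import message_from_string

# Small illustrative sample of Windows-executable extensions (an assumption;
# NOT the list from the page linked in the message above).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "lnk"}

def classify(filename):
    """Return 'double-ext', 'executable' or 'ok' for one attachment name."""
    # Trailing dots and spaces are ignored by Windows, so drop them first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1].strip() not in EXECUTABLE_EXTS:
        return "ok"                      # condition (a) not met
    if len(parts) >= 3 and parts[-2].strip():
        return "double-ext"              # (a) AND (b): e.g. picture.jpg.exe
    return "executable"                  # (a) only: e.g. setup.exe

def scan_message(raw):
    """List (filename, verdict) for every flagged attachment in a raw message."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and classify(name) != "ok":
            findings.append((name, classify(name)))
    return findings

# Constructed sample message, for illustration only.
SAMPLE = """\
From: sender@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="picture.jpg.exe"

AAAA
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.2003.jpg"

AAAA
--BOUND--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {name}")
```

A name such as holiday.2003.jpg has two dots but no executable final extension, so it passes; only the combination of both conditions is reported as "double-ext".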

