Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: RE: Unchecked buffer in mstask.dll
From: Tim <tim-security () sentinelchicken org>
Date: Wed, 14 Jul 2004 21:40:56 -0700

Hm... who really knows why MS does a lot of the things they do? I'd
guess that the reason it works is more because of they way Windows
handles executables or something... considering that .pifs aren't
commonly seen these days, and the fact that most people wouldn't think
to switch the extension. Then again... people can be marvelously
stupid. Don't give the end user any credit of intelligence, and you'll
probably end up about right.

Well, the whole idea of relying on part of a file's name to determine
how it is opened is just plain stupid, IMHO.  If I took the name plate
off of a ford, and stuck it on my nissan, would my mechanic put ford
parts into it when I took it in for repair?

(Yeah, I know, I used the tired-old automobile analogy, but I am too
tired right now to come up with something better.)

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]