__/ [ Doug Mentohl ] on Friday 24 November 2006 16:50 \__
> "With Windows XP, most people don't if you keep your computer free of
> spyware and viruses. (The built-in firewall with XP is one-way; it
> keeps bad stuff out but doesn't stop your PC from sending bad stuff
> out. A good firewall does both.)"
>
> "If you connect to the Internet through a router, keep in mind your
> router has a great built-in firewall that reduces your need for a
> software firewall"
>
> http://www.dailybreeze.com/business/articles/4728796.html
>
> A 'software' isn't a real firewall in that it can be disabled by
> opening an attachment or clicking on a web link.
Very ture. I seem to forget this until I look more closely at SPAM with
attachments and/or links. Has anybody else been hit by fake greeting cards
on Thanksgiving? Here's the body of one that's in my trash. Thunderbird is
set to force plain-text and avoid HTML, so the tareget of the URL is shown
quite explicitly.
,----[ Quote ]
| *Hi,someone has sent you a greeting card!*
| Please click the link below to view your Greeting
| Card....If the link is not clickable just copy and
| paste or type the address in your browser..ENJOY!!
| this is a flash executable that you can save on your hard drive so you cand
| look
| at it anytime you would like!
|
| *Your Greeting Card http://www.XXXXXXXXXXX.com/pickup.htm?pid=111970425U8H0
| <http://www.2XXXXXXXXXXX.us.to/a_friend.exe>*
|
| *If you have trouble using the link we provided, please follow these
| steps:*
|
| 1. Click this link to go to our homepage,
| or copy and paste it into your browser's address
| line:http://www.XXXXXXXXXXX
| 2. Enter your card ID 111970425U8H0 in the Pick up ID Box
| Your card will be available for 20 days. If you'd like to send a card
| yourself
| please go to :http://www.XXXXXXXXXXX.com
|
| Get your XXXXXXXXXXX.com Reminder Service
| and Printable Calendars http://www.XXXXXXXXXXX.com/reminder
`----
See that link where it says "a_friend.exe" ? I wonder how many (Windows)
users will follow this seemingly innocent link and then have that arbitrary
binary run (while logged in as Administrator, of course). And they still
wonder why Google Earth installtion in Linux requires you to change file
permissions (while root privileges are unlikely)...
Best wishes,
Roy
--
Roy S. Schestowitz | GPL'd 3-D Othello: http://othellomaster.com
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
roy pts/6 Fri Nov 24 16:29 - 16:29 (00:00)
http://iuron.com - proposing a non-profit search engine
|
|
