Re: Web based email issues

From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: 09/16/03

  • Next message: Duane Arnold: "Re: Which Router for VPN and Webhosting"
    Date: Mon, 15 Sep 2003 18:22:21 -0400
    
    

    In article <MPG.19cff946db1dc912989c94@news-server.columbus.rr.com>,
    void@nowhere.com says...
    > In article <MPG.19cfeb98c3ade48a989af6@news.charter.net>,
    > colonel_flagg@NOSOUPFORJ00internetwarzone.org says...
    > > In article <MPG.19cfb65bafd00daf989c87@news-server.columbus.rr.com>,
    > > void@nowhere.com says...
    > >
    > > > A file with JPG or GIF will not be executed on ANY OS, but there are
    > > > helper applications that MAY launch if you click on one.
    > >
    > > I believe I would rethink the above or perhaps do a little more research
    > > before making such a broad statement.
    >
    > As a GIF and JPG are image files, are not executable files on any OS
    > that I know of, please feel free to tell us how a GIF or JPG can be
    > executed without the aid of a helper application.
    >
    >
    >

    "that I know of" is the key element.

    Your statement is very broad by saying "any" OS. The filename extension
    doesn't determine whether it's executable or not in *nix. just about
    _any_ file may be set executable in a unix-like system.

    I would suspect your statement is the result from a lack of experience
    in a unix-like environment. If you have access to a unix box where
    you're free to "test" things, simply:

    # touch filename.jpg
    # ls -al filename.jpg
    -rw-r--r-- 1 flagg 4077 0 Sep 15 19:41 filename.jpg

    notice the above -rw-r--r--

    read here for an explanation of unix file permissions:

    http://www.ctssn.com/linux/lesson6.html

    # chmod 700 filename.jpg
    # ls -al filename.jpg
    -rwx------ 1 flagg 4077 0 Sep 15 19:41 filename.jpg

    now notice the -rwx------

    whereas "x" == "executable". see above URL.

    Also, stating it isn't executable doesn't resolve the possibility of a
    .jpg containing malicious code, I believe elsewhere in this thread,
    someone posted a link to bugtraq reports of jpgs and how browsers on
    Microsoft Operating Systems mishandling them. True, they need a third
    party product to mishandle the code, however, the jpg not being
    executable has nothing to do whether they can cause harm or not, simply
    opening the file in it's associated program *could* cause ill affects.

    .jpg's and .gif's, once thought to be safe, haven't been for a number of
    years.

    -- 
    Colonel Flagg
    http://www.internetwarzone.org/
    Privacy at a click:
    http://www.cotse.net 
    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."
    "...I see stupid people."
    

  • Next message: Duane Arnold: "Re: Which Router for VPN and Webhosting"

    Relevant Pages

    • Re: Microsoft updates: a bad thing?
      ... Send me e-mail and I will send back a jpg of the configuration. ... Joel ... >> Its possible to get malicious code by downloading NOTHING and opening ...
      (sci.med.dentistry)
    • Re: MSMPENG.EXE hogging CPU. How do I get better control of MSMPENG
      ... There is no option to specify the extension of filenames or to wildcard the filespec. ... Malware can name the file anything it wants, so malicious code could reside in a file that was named .jpg but isn't an image file at all. ... I can write a batch file called format.bat that contained: ...
      (microsoft.public.windowsxp.help_and_support)