for those that think jpgs are "safe"
From: Craig A. Finseth (news_at_finseth.com)
Date: 11/13/03
Date: 13 Nov 2003 15:14:39 GMT
In article <MPG.1a1ce6792958f4df989bb1@news.charter.net>,
Colonel Flagg <colonel_flagg@NOSOUPFORJ00internetwarzone.org> wrote:
>In article <3fb31b48$0$41292$a1866201@newsreader.visi.com>,
>news@finseth.com says...
...
>> And yes, I will feel just as secure into the future as I did in the past
>> because I avoid using programs that make such mistakes.
...
>Fair enough. Considering the audience in this group, what would you
>recommend end-users do?
Since this is nominally a group for people interested in learning
about the issues rather than just "plug it in, turn it on, and hope it
works" types, I will answer as such.

First, learn about the difference between the contents of a file, the
file's extension, and the MIME-type used in the HTTP transfer.

Second, learn about the specifics for your environment (i.e.,
operating system) about how it decides how to handle content. Does it
look at the MIME-type first? The extension? The contents of the
file?

As an aside, ensure that your file system viewer (whatever it is
called on your system) is set to _NOT_ hide the extensions.

Third, learn the security model in your system. You should understand
the difference between "administrator/root" modes and regular users.
You should also understand groups and how they interact with the former.

At this point, it should be obvious to you why you never want to run
as "administrator/root" except when you know that you are making
changes to system stuff.

Next, learn about how (most) people attack systems: the network and
media interfaces. Learn about the network protocols (e.g., IP and
NETBIOS). Learn about the services (HTTP, SMB, SMTP). Look at the
implementations of those services (sendmail, IIS, Apache). Learn
about the tradeoffs made by different designers and the system
interactions (automatic display of email + HTML interpretation =
webbugs).

Answering the question in a very specific sense:

- I use Mozilla on Windows, and sometimes IE when I have to use a
  designed-to-IE site that I trust (e.g., an internal HR website).
- When on my Mac, I use Safari and/or Mozilla.
- When on Unix (Solaris), I use Netscape.

In all cases, I take time to configure the browser to not trust sites,
disable cookies, and so forth. I may sometimes turn features (e.g.,
cookies) back on temporarily, but only for known sites.

And, for email, I use GNU-Emacs running on a character-emulation
device. Yes, I have to manually extract attachments (takes a few
seconds), but I have NEVER -- repeat NEVER -- been part of a
virus/trojan propagation stream.
Craig
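
An added illustration, not part of the original post: the three things the message says to tell apart (a file's extension, the MIME-type declared in the HTTP transfer, and the file's actual contents) compared side by side. The function names, the small type tables, the choice of `application/x-msdownload` for executables and the sample byte strings are all constructed for this example.

```python
import os

# Assumed, deliberately small tables; a real system consults far larger ones.
EXT_TYPES = {".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
             ".gif": "image/gif", ".html": "text/html", ".htm": "text/html",
             ".exe": "application/x-msdownload"}

# Leading bytes ("magic numbers") that identify a format from its contents.
MAGIC = [(b"\xff\xd8\xff", "image/jpeg"),
         (b"\x89PNG\r\n\x1a\n", "image/png"),
         (b"GIF87a", "image/gif"),
         (b"GIF89a", "image/gif"),
         (b"MZ", "application/x-msdownload")]  # DOS/Windows executable header

def sniff(data):
    """Type implied by the contents alone, or None if unrecognised."""
    for magic, mime in MAGIC:
        if data.startswith(magic):
            return mime
    if data.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "text/html"
    return None

def three_views(filename, content_type, data):
    """Report what the extension, the declared MIME-type and the bytes each claim."""
    ext = os.path.splitext(filename)[1].lower()  # only the LAST extension counts
    declared = content_type.split(";")[0].strip().lower() if content_type else None
    views = {"extension": EXT_TYPES.get(ext),
             "mime_type": declared,
             "contents": sniff(data)}
    # Treat the file as consistent only if all three are known and identical.
    views["agree"] = None not in views.values() and len(set(views.values())) == 1
    return views

# Constructed samples: (file name, Content-Type header value, first bytes of body).
SAMPLES = [
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("photo.jpg", "image/jpeg", b"MZ\x90\x00\x03\x00"),
    ("photo.jpg", "text/html; charset=utf-8", b"<html><body>not a picture</body></html>"),
    ("holiday.jpg.exe", "application/octet-stream", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for name, ctype, data in SAMPLES:
        print(name, "|", ctype, "|", three_views(name, ctype, data))
```

The last sample is the case the aside about hidden extensions guards against: a viewer that hides the final extension shows `holiday.jpg.exe` as `holiday.jpg`.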