- From: Paolo Holzl <paolotoglispam@xxxxxxxx>
- Date: Sun, 30 Mar 2008 11:00:17 +0200
Protecting the business involves ... routers, firewalls, iptables,
strict password changes, restrictive policy...
But will there ever be a Windows user so 'it' as to put all that in danger?
No, they all know that one does not launch executables that were not requested,
even if they have obviously risky names.
But are we secure?
I have therefore invented a fine teaching test.
It is an executable (Open Source, in Visual Basic).
I called it ChickenFinder, but in use it is advisable to rename it to GameSuper
PacMan or other winning names; the more obviously dangerous the name is, the more
significant the test.
The exe is put in an attractive shared network directory under the eyes of
The program tracks which Win user launched it, when, and from which PC.
It asks for confirmation (and tracks that too).
It asks for the email (and tracks that too).
It asks the user to make up a password in order to register (it takes into
account its length and whether the characters are all the same, to understand
whether it is plausible, but does not store it; it does not want to be spyware).
Well, an escalation of 'stupidity'.
If someone gets to the end, it says Chicken! (by default; honestly the
least it could say), or whatever you like, or you can put in an 'Error
221 in ExtraCicken.DLL' (so that whoever has fallen for it does not
alert others), or it can redirect to a site of your choice.
By default the output goes to a text file with the same name as the program,
in the same directory, with the extension jpg (but it is a textual log);
any configuration goes instead in a bmp (another text file).
The program can be depicted and translated into any language executing
Particular situations make it advisable to bring the results (without giving the
names) to the competent persons.
It may be better to spend better on the Policy and a little more on
re-educating the users.
The non-use of layout via Web or FTP is intentional; the program is and should
remain a non-invasive test.
CAUTION: it is intended for use by system administrators, who
should treat the data obtained in a manner consistent with the regulations on
Normally it is correct to talk about the results but not about the persons.
The program is in English but on an Italian site.
www.holzl.it at the end of the page, 'Security Test ...'.