Re: !?!?! HTA files are EXTREMELY DANGEROUS ?!?!



Calm down, you have missed one important point.

<sorcerdon@xxxxxxxxx> a écrit dans le message de news: 1136503284.463479.81000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
And had to delete alot of these off my machine

I've a few of them on mine, too, and they are not viruses. I even wrote some of them, since they are pretty handy for scripting.


Just imagine - a simple hacker can use these files BEHIND THE scenes on
a FLASH website (since flash can run web pages in the background - or
use new window feature on some server). I mean you can even get user
name and passwords to secrure websites JUSt by reading the cookies of
one's machine and saving it to a XML file on your server...

No, they can't. HTA are executable files, handled much in the same way EXE files are. You can think of them as a kind of program, with a graphical interface designed as an HTML page. For the system, they *are* programs. Your hypothetic hacker would face exactly the same blocks preventing the execution of HTA files as for binary programs (and hopefully arbitrary remote execution of binary programs is blocked).


Has microsoft COMPLETELY lost their mind in enabling this application
ability?

No, they don't, and they provided a very useful tool for writing scripts with a user-friendly interface.


By the way, did you know that the control pannel user accounts management tool uses HTML for its graphical interface? This is the same idea. HTML can be useful for much more than web pages.

.