The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community
Geekfinder
UFie Gear
Advertise on UF
Forum Rules
& FAQ

Username

Password


Create a New Account

  
 

Back to UserFriendly Strip Comments Index
jpeg virus by whytwolf2006-11-19 12:55:59
  The bottom line: by BlurOfSerenity2002-06-14 09:21:18
    But what if... by Arcanum2002-06-14 09:31:29
      You just answered your own Q. by Naruki2002-06-14 09:34:45
        The OS doesn't have ot be hacked by ToLazyToThink2002-06-14 12:25:48
          .eml != .txt by tigermouse2002-06-14 12:41:13
            True by wheresthefish 2002-06-14 12:56:41
but what is to stop me writing binary data into a file with a .txt extension? There is no direct link between the filename and it's content, Windows merely uses the extension to determine what to do with the data. Try it for yourself by renaming a .jpg file to .txt then double-clicking it. What opens? I'll guarantee you it isn't an image viewer even though you're opening an image file.

As already shown, if you make the file too large for Notepad (WTF is that all about anyway?) Windows will open Wordpad for you instead. At this point you're then open to having any vulnerability in Wordpad exploited by a file with a .txt extension. Construct the file in such a way that your malicious code is executed in a buffer overrun and you've infected that machine.

Bottom line is that any file extension is dangerous. Simply saying "This is a .txt file so it can't be executed" is a path to disaster.
[ Reply ]
              In Windows 2000 by Arcanum2002-06-14 13:05:54
                Yes, but... by ToLazyToThink2002-06-14 13:26:42
                  Normally it prompts you, unless you by Naruki2002-06-14 13:33:01
                    The .exe extension is perfectly safe too by ToLazyToThink2002-06-14 14:36:04

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)