TechTalk & Personal Computing Guide

India-Forums

   
TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

What's behind the Internet curtain

cdesai12 Goldie
cdesai12
cdesai12

Joined: 18 September 2004
Posts: 1900

Posted: 26 February 2005 at 4:09pm | IP Logged
What's behind the Internet curtain

By Chris Mosby

The Internet isn't the glamorous "Oz" that it used to be in the beginning. There are plenty of "wicked witches" and "wizard" hackers out there ready to do whatever they can get away with on your computer — if you don't know what they have in store for you.

Even saving pictures is dangerous with IE 6

Here you are, minding your own business, checking out the latest pictures on CuteFluffyBunnies.com when you see it. The cutest and fluffiest bunny picture you have ever seen. You just have to have it for your collection. You right click the picture and choose Save Picture As to save it. The name of the file looks a little different that other pictures that you've downloaded from this Web site, but you download it anyway. The picture is just irresistible.

As soon as the picture hits your download folder, your hard drive starts to grind and your system starts to slow down. That's odd, you think to yourself, the last time that happened was when you got hit with that virus last year. Surely that precious bunny picture didn't have anything to do with it...

Could the same thing happen to you by just doing something as innocent as saving a picture from the Web? It sure can with Internet Explorer 6 under the right conditions.

The problem is caused by the file extension — i.e. *.exe, *.doc, etc. — that IE uses when saving pictures using the Save Picture As option. IE uses the extension from the Web address, instead of the real file extension.

This can cause the last extension to be dropped if more than one exists — such as in the filename bunny.hta.jpg. This file, when saved by IE 6, can become bunny.hta on your computer. The end result is that an infected "HTML Application" (.hta) or other executable file has been downloaded to your computer. Used with other IE vulnerabilities, anything can happen from there. Proof-of-concept code is already publicly available for this problem. It's been shown to work on a "fully patched" Windows XP SP2 system with IE 6.

This problem has received less attention than other vulnerabilities because the Windows Explorer setting Hide extensions for known file types must be turned on for the trick to work. Knowledgeable users turn this off, so the problem doesn't affect them. But the Windows default is "on" and many users never change it.

What to do: Disable the Hide extensions for known file types setting. This can be accomplished as follows:

Step 1: Open the Tools menu in Windows Explorer.
• Step 2:
Click Folder Options and select the View tab.
• Step 3:
In the Advanced Settings box, scroll down until you find Hide extensions for known file types and uncheck the box.


More info: has an advisory detailing this problem, and Microsoft has that describes this from a non-security point of view

kripawgr Goldie
kripawgr
kripawgr

Joined: 02 February 2005
Posts: 1781

Posted: 26 February 2005 at 4:15pm | IP Logged

that was great cdesai

u r too good in the tech sectionClapClap

  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
MS to launch new Internet Explorer

Author: Nankri   Replies: 2   Views: 827

Nankri 2 827 23 February 2005 at 1:44am by SONYA_K
January patches included Internet Explore

Author: cdesai12   Replies: 1   Views: 707

cdesai12 1 707 28 January 2005 at 9:18pm by HUMM
Security Concerns Prompt Internet Explore

Author: cdesai12   Replies: 4   Views: 1179

cdesai12 4 1179 25 January 2005 at 11:57am by cutereems
New Year, old flaws in Windows, Internet

Author: cdesai12   Replies: 1   Views: 590

cdesai12 1 590 20 January 2005 at 11:22am by HUMM

Forum Quick Jump

Forum Category / Channels
Forums

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index