Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

The Ten Most Dangerous Things Users Do Online

 
quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 May 2014
Posts: 768
Location: Virginia, USA

Posted: Mon Oct 23, 2006 8:18 am    Post subject: The Ten Most Dangerous Things Users Do Online

Quote:
...The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks -- and solutions -- associated with each...

1. Clicking on email attachments from unknown senders
2. Installing unauthorized applications
3. Turning off or disabling automated security tools
4. Opening HTML or plain-text messages from unknown senders
5. Surfing gambling, porn, or other legally-risky Websites
6. Giving out passwords, tokens, or smart cards
7. Random surfing of unknown, untrusted Websites
8. Attaching to an unknown, untrustworthy WiFi network
9. Filling out Web scripts, forms, or registration pages
10. Participating in chat rooms or social networking sites

darkreading.com
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Wed Oct 25, 2006 10:27 pm    Post subject: Re: The Ten Most Dangerous Things Users Do Online

quietman7 wrote:
Quote:
...The following is our list of "The Ten Most Dangerous Things Users Do Online," along with some explanation of the risks -- and solutions -- associated with each...

4. Opening HTML or plain-text messages from unknown senders


Just wondering what's so dangerous about opening plain-text messages?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Oct 2014
Posts: 9982
Location: Yorkshire

Posted: Wed Oct 25, 2006 11:08 pm

Quote:
Just wondering what's so dangerous about opening plain-text messages?


You voice my thoughts also.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 May 2014
Posts: 768
Location: Virginia, USA

Posted: Thu Oct 26, 2006 3:52 am

Quote:
HTML text -- and increasingly, images -- can be infected with spyware, and in some cases, executable code...embedding shell code...HTML files may contain Java Scripts, ActiveX controls, or macros that can allow an attacker to gain control of a PC or turn into a botnet zombie...

_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Oct 2014
Posts: 9982
Location: Yorkshire

Posted: Thu Oct 26, 2006 4:58 am

quietman7 wrote:
Quote:
HTML text -- and increasingly, images -- can be infected with spyware, and in some cases, executable code...embedding shell code...HTML files may contain Java Scripts, ActiveX controls, or macros that can allow an attacker to gain control of a PC or turn into a botnet zombie...


Admittedly you can embed malicious code in an HTML e-mail, but AFAIK it's not possible in a plain text document, which is the point we were making.
_________________
Gary R Administrator at Malware Removal University



quietman7
Warrior Addict


Joined: 20 Dec 2004
Last Visit: 28 May 2014
Posts: 768
Location: Virginia, USA

Posted: Thu Oct 26, 2006 9:20 am

I can't speak for the writers but they probably were thinking about an e-mail message in HTML format or as a plain text message with an attached HTML file. The article appears to have been written for novice users and the author(s) did not go into a lot of detail or specific explanations.
_________________
Microsoft MVP - Consumer Security 2007-2014
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Fri Oct 27, 2006 11:22 am

Why is it dangerous to open txt files?

Rutkowska says

Quote:
Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file.


http://www.eweek.com/article2/0,1895,2040760,00.asp

Cool
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Oct 2014
Posts: 9982
Location: Yorkshire

Posted: Sat Oct 28, 2006 12:19 am

Erikalbert wrote:
Why is it dangerous to open txt files?

Rutkowska says

Quote:
Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file.


http://www.eweek.com/article2/0,1895,2040760,00.asp

Cool


In which case it seems the infection vector is the readme file, not the txt e-mail.

Interesting article though.
_________________
Gary R Administrator at Malware Removal University



Bobbi Flekman
Malware Expert


Joined: 06 Mar 2005
Last Visit: 28 May 2010
Posts: 83
Location: Midian

Posted: Sat Oct 28, 2006 12:38 am

Erikalbert wrote:
Why is it dangerous to open txt files?

Rutkowska says

Quote:
Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file.


http://www.eweek.com/article2/0,1895,2040760,00.asp

Cool


That means it still has to happen. So it is only possibly dangerous to open .txt files. Still this doesn't mean the .txt file itself is dangerous. As long as .txt is not interpreted by something, it cannot be executed, and opening a .txt file in an editor like Notepad does nothing unless the system is already compromised. Which still means that the .txt file is not the infector.

Do you ban the entire Internet because someone finds it necessary to put spyware on it? Is every Myspace user a pedophile because there is one on it?

I do like the idea of the System Virginity Verifier though. Downloaded the source and will be playing with it.
_________________
[url="http://www.uniteagainstmalware.com/forums/"][/url]
hornet777
Warrior Guru


Joined: 28 Oct 2005
Last Visit: 20 Oct 2009
Posts: 458

Posted: Sat Oct 28, 2006 4:00 am

I took what Rutkowska said in that regard to mean that the application that is used to open the text file is compromised, which leads to system compromise. All three items are thus related: the application wouldn't be compromised were it not for a crafted data file that is opened by it, and likewise for the system that is compromised as a result of this. Nothing was inferred of necessity about the safety of text files in general, although with a caveat. Is this how others understood it?

Seems to me that her words in general were a warning of an impending crisis that will threaten to bring about drastic changes in computers, and the industry that brings them about -- not many of which will set well with either the industry or the consumers of their products, at least as long as memory of "what used to be" remains... I think she is right to be very wary of virtualisation techniques; getting away from the hardware is a BIG mistake, for therein lies the saving grace. (sorry for OT; thanks for listening).
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Tue Oct 31, 2006 9:50 am

Bobbi Flekman wrote:
That means it still has to happen. So it is only possibly dangerous to open .txt files.


Yes, it's just a hypothetical.

Quote:

Still this doesn't mean the .txt file itself is dangerous. As long as .txt is not interpreted by something, it cannot be executed, and opening a .txt file in an editor like Notepad does nothing unless the system is already compromised.


Opening a text file in notepad does nothing normally yes, but if there is a buffer overflow bug no one knows about.....

Quote:
Which still means that the .txt file is not the infector.


With all due respect to your expert tag, I don't quite agree.

My understanding is that if a specially crafted text file can cause a buffer overflow in your text editor the moment you open it with your text editor, then all bets are off, and it would be possible in theory for the text file to inject some attack code that would be normally harmless lines in a text file.

In that case the text file would definitely be the infector, though it would need probably to download more parts from the net to establish a perm presence.

Paranoid? Of course.

But I wasn't serious anyway, but apparently Joanna worries a little (at least) about such threats.

Quote:

I do like the idea of the System Virginity Verifier though. Downloaded the source and will be playing with it.


It will work better on my vista. Smile
Bobbi Flekman
Malware Expert


Joined: 06 Mar 2005
Last Visit: 28 May 2010
Posts: 83
Location: Midian

Posted: Tue Oct 31, 2006 11:44 pm

Erikalbert wrote:
My understanding is that if a specially crafted text file can cause a buffer overflow in your text editor the moment you open it with your text editor, then all bets are off, and it would be possible in theory for the text file to inject some attack code that would be normally harmless lines in a text file.

In that case the text file would definitely be the infector, though it would need probably to download more parts from the net to establish a perm presence.


A text file has nothing in it that is executable, unless the program itself interprets the text and acts on it. Textfiles are opened by Notepad (by default). That does not interpret anything, just loads it as a datafile. If it did interpret the contents, we would have had fun a long long time ago as batchfiles are created in Notepad as well.

If Notepad interprets and executes stuff that would mean it has been compromised before. Then the textfile is not the infector.

As far as the buffer overflow is concerned, Notepad has a certain buffer size that it will fill. If the file is too large for memory it will complain that it is too big and offer to open Wordpad. Wordpad fills its buffer and ignores the rest of the file, until you move out of the buffered region. At that moment memory will be refreshed with the new part that should be in memory.

Until you, or anyone else, can give me a working example I simply cannot believe that a textfile will be an infector.
_________________
[url="http://www.uniteagainstmalware.com/forums/"][/url]
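
The scenario argued over in the posts above (a viewer that only loads a file as data, yet copies each line into a fixed-size buffer), as an added example that is not part of the original thread and is not Notepad's or any real editor's code. `LINE_CAP`, the function names and the sample file are constructed for illustration; the code measures how far an unchecked copy would run past the buffer without performing it, next to a loader that rejects the over-long line.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64              /* hypothetical per-line buffer of a viewer */
static char sample[256];         /* constructed "text file" contents */
static char linebuf[LINE_CAP];   /* where the viewer keeps one line */

/* Length of the longest newline-delimited line in data[0..len). */
size_t longest_line(const char *data, size_t len) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        if (data[i] == '\n') { if (cur > best) best = cur; cur = 0; }
        else cur++;
    }
    return cur > best ? cur : best;
}

/* Bytes an unchecked copy (line + NUL) would write past a cap-byte buffer.
 * Computed only: nothing is overflowed here. */
size_t overrun_bytes(const char *data, size_t len, size_t cap) {
    size_t need = longest_line(data, len) + 1;
    return need > cap ? need - cap : 0;
}

/* Hardened loader: copy one n-byte line into dst[cap].
 * Returns 0 on success, -1 if the line does not fit (dst left empty). */
int load_line_checked(const char *line, size_t n, char *dst, size_t cap) {
    if (cap == 0) return -1;
    if (n >= cap) { dst[0] = '\0'; return -1; }
    memcpy(dst, line, n);
    dst[n] = '\0';
    return 0;
}

/* Constructed sample: "README\n" followed by one 200-byte line of 'A'. */
size_t make_sample(void) {
    memcpy(sample, "README\n", 7);
    memset(sample + 7, 'A', 200);
    return 207;
}

int main(void) {
    size_t n = make_sample();
    printf("unchecked copy would overrun by %zu bytes\n",
           overrun_bytes(sample, n, LINE_CAP));
    printf("checked load of long line: %d\n",
           load_line_checked(sample + 7, 200, linebuf, LINE_CAP));
    return 0;
}
```

The file contains nothing executable; the risk in the unchecked case comes entirely from the loader writing past its own buffer, which is why the length check belongs in the program that opens the file.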
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Thu Nov 02, 2006 2:04 am

Bobbi Flekman wrote:



If Notepad interprets and executes stuff that would mean it has been compromised before. Then the textfile is not the infector.


I guess we are arguing semantics here. If there is a flaw in the interpreter that causes a compromise by seemingly reading a readme file ... (which is what Joanna says by "embedding a....." there is nothing about being 'compromised before')

We can argue over whether the text file really is or is not the infector but bottom line it means opening a text file could be dangerous.


Far out threat yes, but Joanna seems to think it is worth mentioning. I think she's nuts personally and way too paranoid, but she has more expertise in the area than me, and most probably you, so if she thinks it's worth mentioning what can I say? You can take it up with her if you are unhappy, I'm just reporting what she said.

Quote:

As far as the buffer overflow is concerned, Notepad has a certain buffer size that it will fill. If the file is too large for memory it will complain that it is too big and offer to open Wordpad. Wordpad fills its buffer and ignores the rest of the file, until you move out of the buffered region. At that moment memory will be refreshed with the new part that should be in memory.


In theory yes.

Quote:

Until you, or anyone else, can give me a working example I simply cannot believe that a textfile will be an infector.


Well if I have a working example, I wouldn't share it with you lol. It would be the most valuable secret out there man.

Anyway, I don't know how this developed into me saying that opening text files is dangerous. I'm the guy who originally questioned it!
Erikalbert
Warrior


Joined: 10 Aug 2006
Last Visit: 05 Jul 2007
Posts: 219

Posted: Thu Nov 02, 2006 2:06 am

Gary R wrote:
Erikalbert wrote:
Why is it dangerous to open txt files?

Rutkowska says

Quote:
Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file.


http://www.eweek.com/article2/0,1895,2040760,00.asp

Cool


In which case it seems the infection vector is the readme file, not the txt e-mail.

Interesting article though.


If it's the readme file, it could easily be the txt email as well...
Bobbi Flekman
Malware Expert


Joined: 06 Mar 2005
Last Visit: 28 May 2010
Posts: 83
Location: Midian

Posted: Thu Nov 02, 2006 2:28 am

Erikalbert wrote:
I guess we are arguing semantics here. If there is a flaw in the interpreter that causes a compromise by seemingly reading a readme file ... (which is what Joanna says by "embedding a....." there is nothing about being 'compromised before')

We can argue over whether the text file really is or is not the infector but bottom line it means opening a text file could be dangerous.


I agree. It all depends on the term infector. In my eyes the file is not the infector. If Notepad (or whatever opens it) is infected then the textfile is a threat. I suggest we let it drop, since we're both on the same side after all. That is: we think this is not much of a threat.

Quote:
Well if I have a working example, I wouldn't share it with you lol. It would be the most valuable secret out there man.


Spoilsport! Laughing
_________________
[url="http://www.uniteagainstmalware.com/forums/"][/url]
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 19 Oct 2014
Posts: 9982
Location: Yorkshire

Posted: Thu Nov 02, 2006 6:59 am

Erikalbert wrote:
Gary R wrote:
Erikalbert wrote:
Why is it dangerous to open txt files?

Rutkowska says

Quote:
Of course, I'm still aware that it's not enough, as somebody can embed a very reliable and "silent" zero-day exploit for my .TXT editor in some README file.


http://www.eweek.com/article2/0,1895,2040760,00.asp

Cool


In which case it seems the infection vector is the readme file, not the txt e-mail.

Interesting article though.


If it's the readme file, it could easily be the txt email as well...


I think Bobbi has already made my point far more eloquently than I could have, as far as I'm concerned this debate is over.
_________________
Gary R Administrator at Malware Removal University


