Network Security Bugtraq

Bug in hotmail

Subject: Bug in hotmail
Date: Sun, 24 Oct 2004 21:57:23 +0000
hi all,
i am not a person that posts to bugtraq really, but more a person that reads from it!
well the thing is, I was checking my hotmail account, as i saw an e-mail from an old friend of mine, i saw an attachment, so i was already in doubt (but i was using gentoo anyways .. so not really afraid of something like that), but when i looked at the file i saw that it was a zip file that had a .txt file in it .. at least .. so it seemed. after downloading the file and extracting it, i was looking at the file name, which was:


tmp $ ls -l dump.
dump.txt .scr
dump.zip


weird!!!!

$ ls -l dump.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
-rw-r--r-- 1 crocco users 53248 Aug 13 1985 dump.txt .scr


Ah makes more sense!!

$ file dump.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
dump.txt .scr: MS-DOS executable (EXE), OS/2 or MS Windows


Funny, as i saw that i was 100% sure that it was a virus! although it was labeled as NO VIRUS FOUND on the hotmail site (i was thinking that it should be "no known viruses found") it was confirmed by friends of mine after i asked them to scan it for viruses on windows machines!

now, i can only come to 1 conclusion. the virus scanner of hotmail does not check filenames as long as our file in question here!
and because many people would simply believe that it is virus-free and that it could again cause some new virusrage i thought it was pretty important and posted it in bugtraq!


cheers
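
A defensive check for the naming trick described in the post above, added here as an example and not part of the original message: it lists ZIP member names where a harmless-looking extension is followed by a run of whitespace and then an executable extension. The function names, the extension list, the padding threshold and the in-memory sample archive (150 spaces, placeholder bytes) are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: illustrative, non-exhaustive set of Windows-executable extensions.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

# Decoy extension, a run of whitespace, then the real (final) extension.
PADDED_NAME = re.compile(
    r"^(?P<stem>.*?)(?P<decoy>\.\w{1,5})(?P<pad>\s+)(?P<real>\.\w{1,5})$"
)


def suspicious_members(zip_bytes, min_pad=2):
    """Return (name, decoy_ext, real_ext, pad_len) for each padded member name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Judge the last path component only; directories are irrelevant here.
            base = info.filename.rsplit("/", 1)[-1]
            m = PADDED_NAME.match(base)
            if not m:
                continue
            real = m.group("real").lower()
            pad_len = len(m.group("pad"))
            if pad_len >= min_pad and real in EXECUTABLE_EXTS:
                findings.append((base, m.group("decoy").lower(), real, pad_len))
    return findings


def build_sample_zip():
    """Constructed sample archive: two ordinary names and one padded name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed benign file")
        zf.writestr("notes v2.txt", "single spaces in names are normal")
        # Placeholder content only; this is not a real executable.
        zf.writestr("dump.txt" + " " * 150 + ".scr", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, decoy, real, pad in suspicious_members(build_sample_zip()):
        print(f"flag: displays as *{decoy}, really *{real}, {pad} padding characters")
```

A mail gateway or triage script can run the same check on attachment names before any content scan, since the verdict depends only on the name.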
