Re: CRIME NIPC Daily Report 27 November 2001

From: Scott Elam (Scott.Elam@private)
Date: Tue Nov 27 2001 - 22:32:10 PST


    This probably isn't the best way to post this report.  I'd prefer a
    verifiable source.
    
    Thanks, Scott
    
    "AARG! Anonymous" wrote:
    > 
    > NIPC Daily Report 27 November 2001
    > 
    > NOTE:  Please understand that this is for informational purposes only
    > and does not constitute any verification of the information contained in
    > the report nor does this constitute endorsement by the NIPC or the FBI.
    > 
    > Significant Changes and Assessment - There is a vulnerability in
    > Microsoft Internet Explorer that allows a malicious Web site to spoof
    > file extensions in the download dialog to make an executable program
    > file look like a text, image, audio or other file.  The user will see a
    > dialog window open, asking if the user wants to OPEN or SAVE.  Should
    > the user decide to OPEN the file, the file will run without further
    > prompting.  If the code is executable, no matter what the extension, the
    > program will run on the user's system, allowing the program full use of
    > the user's system.  This does not require any scripting turned on at all
    > but can be called via JavaScript, inside an iframe, or even as a normal
    > link.
    > 
    ...
    --
    Scott Elam
    Sun Microsystems
    SunIT, Network Security Group, SunCERT
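
An added example, not part of the original message or the NIPC report: a defender-side check in Python that flags a file whose leading bytes identify it as an executable while the name shown to the user carries a non-executable extension, which is the mismatch the quoted report describes. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import struct

# Extensions a user would expect to launch code (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll"}

def sniff_executable(data: bytes):
    """Return 'pe', 'mz', 'elf' or None based on the file's leading bytes."""
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"MZ":
        # In a PE file, the dword at 0x3C (e_lfanew) points to 'PE\0\0'.
        if len(data) >= 0x40:
            (off,) = struct.unpack_from("<I", data, 0x3C)
            if data[off:off + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"  # DOS executable, or header too short to confirm PE
    return None

def shown_extension(name: str) -> str:
    """Extension of the displayed name, ignoring case and trailing dots/spaces."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""

def is_disguised_executable(shown_name: str, data: bytes) -> bool:
    """True when the content is executable but the displayed name says otherwise."""
    kind = sniff_executable(data)
    return kind is not None and shown_extension(shown_name) not in EXECUTABLE_EXTS

def fake_pe() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)

# Constructed samples: (name shown to the user, file content).
SAMPLES = [
    ("notes.txt", fake_pe()),              # executable shown as text
    ("setup.exe", fake_pe()),              # honest executable
    ("notes.txt", b"plain text\n"),        # honest text file
    ("song.mp3 ", b"MZ" + b"\x00" * 10),   # trailing space, truncated header
]

def flagged(samples):
    return [name for name, data in samples if is_disguised_executable(name, data)]

if __name__ == "__main__":
    print(flagged(SAMPLES))
```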
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:35:15 PDT