On Sat, Jul 22, 2017 at 02:50:08PM -0500, Graham Toal via cctech wrote: > http://www.indytorrents.org/torrent/10372448/DDJ_DVD6.iso.xz > > which leads to: > > magnet:[...] [...] > I use a program called 'deluge' on Windows to download torrents the few > times I use them (usually for the Internet Archive which incidentally also [...] > There's little risk in downloading a file like this and just looking at the > contents.
Agreed. Unless xzip archive is cooked up and xzip viewer/unpacker has some "usable" bug... I wonder if there is any. > Now running any executables from the DVD once you've burned or > mounted it is another question, but since these disks are mostly about > source code and documents, you can probably just ignore all the executables > and be relatively safe. Half-agreed. Documents can be cooked up. But they are well known vector (many watching eyes) so with up to date doc viewer you should be safe. And I assume source code is being read before compile-run phase :-)... > Nothing is going to auto-run or auto-install just by looking at it > and with the magnet link you don't even need to visit any dubious > websites and be afraid of a drive-by zero-day attack. Um, not quite. You are connecting to some site, perhaps of dubious nature, with a magnet client, in this case a one named 'deluge'. If said client has usable bug, there is a risk and how will you know in case there is one? I mean, this would require receiving mail reports from some kind of deluge-bugs mailing list, if there is any (I have no idea). Myself, I would be wary. And ran those programs in some virtual machine. Or at the very least as unprivileged user (on every Windows I tried starting with w2k (if I am right, and definitely on XP) there was runas command/service (in winspeak they call it a service) (however, if I have a choice, I always go for pro/server version, so maybe runas is specific to those and not present in home). I'd wrote a bat file to start magnet as magnet user. Or something like that. This is not a perfect solution, but it makes an obstacle. Given that bad codes nowadays can escape from typical VMs (well, sometimes), an atypical VM would have been even better - something that runs vms or tops, maybe - I have long time ago came to such idea but never had time to go further, but I am sure this idea is rather obvious and many have came to it. AFAIK: mosaic virus attacks tomatoes but not humans, flu attacks humans but not tomatoes. Just my 0.02P(aranoidollars). -- Regards, Tomasz Rola -- ** A C programmer asked whether computer had Buddha's nature. ** ** As the answer, master did "rm -rif" on the programmer's home ** ** directory. And then the C programmer became enlightened... ** ** ** ** Tomasz Rola mailto:[email protected] **
