D B <[EMAIL PROTECTED]> wrote: > ok ... the click click social engineering vulnerable > operating system everone seems to target... isnt it > file extension based ? .... very explotable ...but > also quite simple to change the extension
Well, depending on the file's "real type" and the mechanism used to try to "open" it, not everything under Windows is extension based. Try renaming any OLE2 format "compound document" type to an extension that is not registered then double-click it and see what happens. There are also even ways to get "mis-extensioned" PEs to load and execute under some falvours of Windows. > why isnt a "defanger" standard on all mail gateways ? Perhaps because it will not be completely successful... > guess im just not exposed to stupid on a corporate > scale 8-) Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html