Rob Pickering <[EMAIL PROTECTED]> writes: > Or .com. Oddly enough I just now found a Windows box and typed > "command.com" in a browser URL bar and it did what I expected, when I > typed the same thing at a cmd prompt it did something different and I > expected that too.
1. Copy \windows\system32\cmd.exe to the desktop. 2. Run internet exploder. 3. Type "cmd.exe" in the address bar and observe what happens. I don't know about you, but given ie's default download location, and your (apparently common) erroneous expectation, this looks ripe for social engineering to me.