How about writing a routine in login scripts that would move cmd.exe to a
separate directory? Seems like the majority of Microsoft targeted attacks
use cmd.exe.
Justin
From: "leon" <[EMAIL PROTECTED]>
To: "'Patrick McAllister'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
cc: (bcc: Justin Andrusk)
Sent: 03/07/2002 09:22 AM
Subject: RE: scary site
The problem with turning off scripting is that it "breaks" most of
ie's functionality. I have gotten a lot of offlist and cc'ed to the
list mail about this. I am sorry for not being more specific
earlier; it worked for me running win xp, ie 6 and all patches. It
doesn't appear to work on win 9x with ie 5 or win 2k with ie 5. Your
mileage may vary.
Cheers,
Leon
-----Original Message-----
From: Patrick McAllister [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 6:23 AM
To: leon; [EMAIL PROTECTED]
Subject: Re: scary site
If possible, turn off scripting (assuming you're using IE)...that will
prevent it from running. Also it generates all kinds of alerts on my AV
software....
----- Original Message -----
From: "leon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 05, 2002 12:30 PM
Subject: scary site
> http://www.liquidwd.freeserve.co.uk/
>
>
> Try it with a windows machine and IE with all patches.
>
> Be afraid be very afraid.
>
> FYI this is for all those people who think that just having a
> firewall is enough.
>
> Guess what?
>
> This works through packet filter, stateful inspection and proxy
> servers.
>
> Cheers,
>
> Leon