[Zimphire]

There is a new nasty exploit going around,

From the mouths of the very people who hate Apple.


http://www.ihateapple.com/forums/sho...1&fid=12&tid=0

Anyone else heard about this?

[TonyRado]

So�

if I emailed my PeeCee Friends w/ a link in the sig line that said something like "hcp://system/DFS/uplddrvinfo.htm?file://c*.*\*" it would delete my friends' HD when they clicked on it?

[Zimphire]

Yes if he clicked on it.

[C.J. Moof]

Yikes! I just verified it. This is, in fact, very real.

Confirmed on a Dell 450, XP Pro setup.

[xi_hyperon]

Nevermind, CJ Moof has rendered my post moot.

[boardsurfer]

Originally posted by TonyRado:
So�

if I emailed my PeeCee Friends w/ a link in the sig line that said something like "hcp://system/DFS/uplddrvinfo.htm?file://c*.*\*" it would delete my friends' HD when they clicked on it?

Now Now TonyRado, you wouldnt be thinking of that idiot IT guy in your-- nnaaaaaaahhh, of course not.

[ringo]

Holy Crap that's a nasty bug. Somebody's gonna combo this with an Outlook Preview Pane bug...evil, evil, evil stuff <shudder>.

[babble]

Gnahahahahahahahaha!!!

Come here PC "friends", click on my link!!!

[TonyRado]

Originally posted by boardsurfer:


Now Now TonyRado, you wouldnt be thinking of that idiot IT guy in your-- nnaaaaaaahhh, of course not.

BWWAAAAAHHHHAAAAHHAAAHHAAHHAAAAAAA!!!

Doh! It won't work here b/c he he hasn't upgraded past Win98. Meh, I guess he's just too smart for us.

C.J., does it actually eat itself up in the process. I mean, by wiping everything does the email and link that "caused" the problem vanish as well!!! If so, that soo effin cool, er, I mean not nice.

[C.J. Moof]

Originally posted by TonyRado:


C.J., does it actually eat itself up in the process. I mean, by wiping everything does the email and link that "caused" the problem vanish as well!!! If so, that soo effin cool, er, I mean not nice.

Didn't email it, just made some dummy folders, put some bogus documents in them, copied and pasted the link into either IE5 or the location bar at the top of the file system window, and *poof*. Files go bye-bye. Call your test folder whatever you want... doesn't matter as long as the URL matches. I'm pretty confident that ending it in C* will kill a C: drive, but I'm not about to verify it!

The listed workarounds appear to work- I uncommented the oFSO.DeleteFile( sFile ); line, and the killer URL was rendered powerless. If you've got XP, you've got something to be doing RIGHT NOW! You know that folks are right now working on how to cause damage with this weakness.

The real scary thing is that this is just a stupid Jscript. While I've now secured the XP machine from this existence of the killer code, there's nothing to keep it from appearing in another way.

The potential for destruction is _HUGE_ with this one.

<kisses Pismo in appreciation>

[IUJHJSDHE]

wow, hmm.

the fact the bug exists does not supprise me that much.
the fact that microsoft makes these mistakes supprises me the most

[Zimphire]

Just think of the ones they haven't found yet.

[Drizzt]

Luckyly I downgraded my XP machines to 2K... I just hope 2K doesn't have this bug..

/me kisses iBook in appreciation

[Zimphire]

Originally posted by Drizzt:
Luckyly I downgraded my XP machines to 2K... I just hope 2K doesn't have this bug..

/me kisses iBook in appreciation

From what I have been told, it's a XP only thing.

So much for MS's deal about improving on security, It seems to be only getting worse.

[Drizzt]

Originally posted by Zimphire:


From what I have been told, it's a XP only thing.

So much for MS's deal about improving on security, It seems to be only getting worse.

What? You're expecting them to make things better, and not charging a premium for it? They have a long history of leaving problems behind so they could sell a new "upgrade" for it.. don't they..

[::maroma::]

This is most excellent. Always good ammo to use when your PC friends start bashing the MacOS. It's things like this that make me proud to be a Mac user. I will gladly shell out full price for Jag, just knowing that there aren't gigantic security holes like this one.

Originally posted by TonyRado:
So�

if I emailed my PeeCee Friends w/ a link in the sig line that said something like "hcp://system/DFS/uplddrvinfo.htm?file://c*.*\*" it would delete my friends' HD when they clicked on it?

Hmmm, what if you put that link inside an image tag? (or a javascript) so that it would load as soon as the recipient even looks at the message?

[TNproud2b]

That's almost as cool as the iTunes combination upgrade & drive formatter.

Who uses the 'help' feature of WinXP? I never knew it existed.

I wish somebody would give me a link that deletes the entire 'help' feature - to alleviate some of the OS bloat. XP takes up almost a gig of space!

[Drizzt]

Originally posted by TNproud2b:
That's almost as cool as the iTunes combination upgrade & drive formatter.

Who uses the 'help' feature of WinXP? I never knew it existed.

I wish somebody would give me a link that deletes the entire 'help' feature - to alleviate some of the OS bloat. XP takes up almost a gig of space!

Just to remind you that the iTunes installer bug was only affecting users with more than 1 drive and having a space in the "other than boot" drive's name.. The quantity of persons touched by that is quite smaller than all Windows XP users

[TNproud2b]

Originally posted by Drizzt:


Just to remind you that the iTunes installer bug was only affecting users with more than 1 drive and having a space in the "other than boot" drive's name.. The quantity of persons touched by that is quite smaller than all Windows XP users

It wiped their drive clean.

HAHAHAHAHA

I laughed so hard my sides ached.

[Zimphire]

Originally posted by TNproud2b:
That's almost as cool as the iTunes combination upgrade & drive formatter.

Who uses the 'help' feature of WinXP? I never knew it existed.

I wish somebody would give me a link that deletes the entire 'help' feature - to alleviate some of the OS bloat. XP takes up almost a gig of space!

That feature is turned on by default.

[Zimphire]

Originally posted by TNproud2b:



It wiped their drive clean.

HAHAHAHAHA

I laughed so hard my sides ached.

Yeah it wiped a FEW people's HD.

This is going to be really messy in comparison.

[TNproud2b]

oh, I'm sure it'll be total mayhem when that 'help' file is deleted.


If ALL Windows users were affected by this - maybe six would notice.

[Zimphire]

Originally posted by TNproud2b:
[B]oh, I'm sure it'll be total mayhem when that 'help' file is deleted.

I am not talking about your average Windows user expert here, I am talking about people who don't even change their DTP, you know most of Windows users out there.

If ALL Windows users were affected by this - maybe six would notice.

Err.. do you even know what this does? It has the power to delete your WHOLE HARD DRIVE. I think more than 6 people would notice.



Why are you trying to make this out to be a smaller deal than it actually is?

A apoligist?

I think it sucks too, but I am not making excuses for it. Or poo pooing it's potential to be a big problem.

[TNproud2b]

no.

it has the ability to delete specified folders in specified places - only if you are the 'owner' of the folder - or have a user account that was given that priviledge by the administrator.

It cannot delete your hard drive - but the iTunes update sure could

[Chris Grande]

Just tested it with a test folder, and holyshit! Talk about very very very very bad!

[Zimphire]

Originally posted by TNproud2b:
no.

it has the ability to delete specified folders in specified places - only if you are the 'owner' of the folder - or have a user account that was given that priviledge by the administrator.

It cannot delete your hard drive -

Ah so I see you don't know what it really does. Indeed it can deleted your WHOLE HD on a single click.

but the iTunes update sure could

The difference is, that only effected a few people, this effects ALL XP users.

Now in your next response I will expect you to again deny it does anything, and bring up the rare iTunes deleting happenstance.

[TNproud2b]

typical knee-jerk Mac zealot responses...

To put things in perspective, let's see how EASY it would be to actually perpetrate this exploit.

From Microsoft:

(ack wrong copy/paste)

[Zimphire]

typical knee-jerk Mac zealot responses...


From Microsoft:

August 2002

There has been a good deal of discussion and speculation recently about a reported security vulnerability involving how Internet Explorer identifies secure web sites. The Microsoft Security Response Center has investigated the report and we�d like to provide information about the issue and our plans for addressing it... <---snip--->

ROFL! Indeed, considering what you posted is NOT talking about the exploit I that this post is. This is NOT the SSL exploit. This is something different entirely.

Like I said, you obviously don't know what is going on, and your are jumping to MS's defense anyhow.

Typical MS apologist.

Bill wants you to lie for him.

[Apple Pro Underwear]

TN, you guys should thank us.

Every copy of Norton Anti-virus for Macs are bought to stop the spread of viruses from our non-affected computers to you wintel guys.

so ungrateful...

[Zimphire]

Originally posted by Apple Pro Underwear:
TN, you guys should thank us.

Every copy of Norton Anti-virus for Macs are bought to stop the spread of viruses from our non-affected computers to you wintel guys.

so ungrateful...

Heh, I have never ran a virii scanner. Ever.

I think 99% of virii can be stopped at user level.

[(s)macintosh]

I'm wondering if you can put the exploit in as a random http refresher... Like pop open a window on a web site with the exploit as the url? That's something that a user doesn't have to click on ya know.

[TonyRado]

Will someone PLEASE just create a test "*/*" link here and let our friend TN try it for us as an experiment. TN, I think I remember you saying that you had another PeeCee somewhere (so that you can actually let us know what the result are).

What would be REALLY cool is if you could add a few other drives to the command (that might exist on some computers i.e., D:: E: F:, etc.)"before" the C: drive. Now THAT is something to write home about.

[amsalpemkcus]

Originally posted by TNproud2b:
typical knee-jerk Mac zealot responses...

To put things in perspective, let's see how EASY it would be to actually perpetrate this exploit.

From Microsoft:

(ack wrong copy/paste)

Dude, gone to get a Dell? BTW: I mentioned this to my cousin, an XP user, last night and after he tried the test folder he actually overnight reformatted his HD and has win2k on his HD now. I guess it can make one very afraid! It will be pretty stupid to deny this as a less serious exploit. Anyway, way to go m$!! TNproud2b give up XP man, I use win2K myself all the time, but I dont think I will ever install XP, I think m$ is finally losing it.
http://www.theinquirer.net/?article=5090

[Drizzt]

Originally posted by TNproud2b:
no.

it has the ability to delete specified folders in specified places - only if you are the 'owner' of the folder - or have a user account that was given that priviledge by the administrator.

It cannot delete your hard drive - but the iTunes update sure could

Just to remind you..

"Everyone" has "Total Control" over "Anything" on XP's default install...

[Drizzt]

The bug works indeed.. but it can't delete subfolders, neither files in subfolders..

It still is a huge security hole IHMO

[CharlesS]

Originally posted by hayesk:


Hmmm, what if you put that link inside an image tag? (or a javascript) so that it would load as soon as the recipient even looks at the message?

Why not find out? Someone post a link in an image tag in this thread that deletes your entire hard drive, and then we will see if TN is ever able to post in this thread again.

<evil grin>

[Mac Zealot]

[snipz0r.]

Don't want to erase hard drives, naughty naughty!

* gorgonzola wags finger

[Rebel Without a Clue]

Originally posted by Mac Zealot:
<snip>

not even close to funny, asshole.

[voodoo]

Made me laugh!

[C.J. Moof]

BTW, you won't want to click that link in .net server RC1 either....

[Zimphire]

[snipz0r]

Heh

[nana4]

Mods: I request that Zimphire be warned/banned for distributing destructive code. Surely a violation of the Terms and Conditions of membership?

[Zimphire]

Originally posted by nana4:
Mods: I request that Zimphire be warned/banned for distributing destructive code. Surely a violation of the Terms and Conditions of membership?

LOL!

[Link]

Do i need to repost that link? somehow read this and got a good laugh about it again.

next time I work on my site I'm going to sneak in a meta refresh with that link.. mwuahahahaahaa

Edit: seeing this title agani reminds me of the time a few years ago when I had countless ignore links in my sig.. perhaps I should bring this back?

[Lerkfish]

well, I think people should remember that there might be OTHER windows user people besides TNProud2B who might wander into this thread.

Not a good thing to leave dangerous codes lying around that just anyone could pick up.

*waggles finger*

[Link]

*hands lerkfish a doggy treat*

good boy!

[sniffer]

Nah. Didn't work on my system. To bad. I was considering sending it to some jerk that pissed me off.

It could be that Ms have fixed the issue. I have all the updates and btw my windows folder is on a second pertition.

Good news for windows users anyway.

[Severed Hand of Skywalker]

Better question is why the hell is Zimph a member there?

[philzilla]

Originally posted by Severed Hand of Skywalker:
Better question is why the hell is Zimph a member there?

aww, didn't he ask your permission first?