ABM Considered Harmful (was: piercing corporate)
Dan Jenkins
dan at rastech.com
Wed Feb 18 09:52:45 EST 2004
On Mon, 9 Feb 2004, at 5:17am, invalid at pizzashack.org wrote:
> VBScript and WSH are something else. They're basically a system
> scripting language, just like Perl or Python (and, indeed, you can
> connect both of those to WSH). The luser has to "double click" to
> open the attachment and run the script. That is equally possible
> under Linux.
Actually, it is possible to have VBScript execute automatically without
user intervention.
You can code HTML in web pages or emails which does this. Similarly
Outlook will still
execute Javascript in emails. (So will Mozilla, but it can be turned
off.) If you use certain
file extensions, I believe Internet Explorer would execute WSH code in
local user security
(rather than Internet security). I believe there are patches for
Internet Explorer and Outlook
to eliminate this behavior, but it did/does exist.
I've gleaned these from security discussions, not personal experience.
Most of my clientelle
use Mozilla (or Netscape), which are relatively immune to the more
egregious exploits it seems.
--
Dan Jenkins (dan at rastech.com)
Rastech Inc., Bedford, NH, USA --- 1-603-624-7272
*** Technical Support for over a Quarter Century
More information about the gnhlug-discuss
mailing list