View Single Post
  #26  
Old May 19th 17, 01:06 AM posted to rec.photo.digital
Diesel
external usenet poster
 
Posts: 346
Default Where I keep my spare cats.

Whisky-dave
Thu, 18
May 2017 14:04:48 GMT in rec.photo.digital, wrote:

Well, actually, it can be,


but isn't


http://www.cvedetails.com/vendor/787/Winzip.html



[snip for brevity]

I don't download vunerable viewers.


How would you know if it was when you downloaded it? The vulnerability
reports tend to come after the fact.

And, you do use a browser, right?

Do you click on the dropbox links?


If they lok valid and I'm on a Mac computer yes.


You think the Mac is immune?

Do you blindly trust the
scripts it loads just to show you a picture? They do more than
that, but for the sake of my question, do you just trust them and
click?


If the link is from dropbox and the URL looks OK and IO donlt
think there;s any reason to distust the poster of that link then
yes.


The poster of the link isn't the one who creates the scripts dropbox
uses, so what does trusting the poster have to do with my question?

That's alright. That's what file header data is for. As this
particular .zip file was created with the original software,


that doesn;t make it safe anyone can zip a virus.


True. However, the virus isn't magically going to 'get you' just by
unzipping the file containing it. Another step is required for that to
happen. First, you'd have to unzip the .zip file, second, you'd have to
be stupid enough to double click the unknown file that came out of the
..zip file, rather than load it into something that won't execute code,
but show you the raw contents instead. A hex editor, or, a text and
only text based viewer/editor.

Do I care, Nope.


I got that impression awhile ago.

Why would I bother with HTTPS for a site that has no interaction
with the user, and, isn't free to implement? What possible
advantage would it give me?

It indicates it;s secure so peole like me are more willing to
trust it.


ROFL! It indicates NOTHING of the sort.

http://www.helpwithpcs.com/jargon/http.htm
What is HTTPS?
HTTPS is a secure adaptation of HTTP which you will find in common use
on secure areas when visiting websites.

Note: You should always ensure you are using a HTTPS connection when
providing sensitive information to a website.

As I told you, previously, there are no secure areas on the bughunter
site. It doesn't host a forum, it offers you, the visitor, NO
INTERACTION. No scripts, no pictures (Unless you want to click the link
pointing to the jpeg of my deceased red long hair persian)

It's a plain jane html site with some direct links via urls that you
can click on if you want. Nothing more, nothing less.


And, by interaction, there's nothing for you to
login to, no place to leave a comment, nothing. It's very simple
and straight forward, old school html, without a single script. A
486 could render it with ease, on Windows 3.x using netscape.


The sort of thing that the recent mal/rasmonware have infected so
an excellent reason for not going there.


You don't make any sense. There's absolutely no interactive aspect to
the site. There's nothing it's going to 'run' inside your browser. And
nothing for the 'malware' to exploit, either. No forum code, no
vulnerable javascript, java, ajax, etc. Nothing. If you'd like to
discuss the finer points of Malware sometime, I'll be happy to teach
you all about it. You could probably use the knowledge.

As presently, you're spreading FUD. You're probably okay with that,
but, it is annoying for those of us who know better. Ignorance such as
that which you display contributes to the malware problem. As long as
people such as yourself remain, grossly ignorant concerning it, Malware
is *never* going to go away.

The recent attack on the UK hospitals, etc, is a perfect example of
that. Gross ignorance by the office employees as well as the IT staff.
The SMB ports should *never* have been improperly firewalled; which is
what allowed it to spread around, once the first idiot! clicked the
phishing link and allowed malicious code (again, the IT staff is just
as guilty for improper system policy setup) to run on his/her machine.

I won't even begin to discuss the sheer stupidity in lack of
maintaining useful patient record backups!

It didn't magically get loaded on any of those networks. Gross
ignorance allowed it, from the office worker to the IT personal.


I have
nothing that requires a secure, encrypted session with you on
that site...

For more on the https or not to https, see he

https://tech.slashdot.org/story/11/0...-Doesnt-Every-
Website

-Use-HTTPS

then why do they use https ?
Surely it's just a link to a text explanation.


It's a forum, a discussion forum. That has user accounts. You can login
to it, so it has interactive data that should be protected from prying
eyes. Which is what HTTPS is for. As my site has no such options,
there's no point in using HTTPS for it.

Unless you don't trust that site, either.


Well it does have https so why shouldn't I ?


But, you didn't check it out. And, just because a site is using
HTTPS does NOT mean the site is 'safe' or otherwise 'secure' and won't
slip you a mickey. That's just not how things work.

Don't know. You seem concerned with the .zip file doing you harm.


They are pretty much the easist way to get infected .


Not hardly. Compromised websites, including HTTPS enabled ones are one
of the easiest vectors for acquiring unwanted software on your machine.
That's done by usage of scripts that your browser will happily execute,
without your knowledge, or consent, most of the time. Unless you have
various script blockers enabled, and, don't use browsers with known
vulnerabilities hindering the script blocking programs.


You've never heard of Malwarebytes Antimalware? Have you been
living under a rock, or, are you not a Windows user?


correct I'mm not a windows users our IT people on PCS use macfee
or soemthing they decide on and pay for.


mcrappy? That's never been a top notch AV program. John Mcafee sold
the pile of **** for a lot of money, years ago. He's a smart man like
that.


So, you see, I'd have nothing to gain by planting malware of
any kind on your machine or anyone elses, but, a whole lot to
lose by doing so.

it's your word and I don't know who you are.


I told you who I am.


Some knew who jimmy savelle was some didn't some thought they
knew.


Fair enough, but, I'm always under peer review and scrutiny. So, I
stand by what I wrote.

As well as what's on the site I previously
provided a link to. The .zip file contains a single, ASCII TEXT
file. Do you think by opening the unzipped file in NOTEPAD, Any
harm would come to your system?


No idea don't care, but what am I likely to gain by doing this...
free money, free sex, free beer ?


The answer to my question is a resounding No. Notepad is unable to
execute code of any kind. That's not what it's for. What you would gain
is evidence concerning David Brooks shady aspects. Nothing else.



ş Pentium II class CPU detected.


Didnlt the pentium II come out just after the romans built
hadrains wall,
but I'm not that good with history TBH.


You aren't so hot with IT either. PKZIP 2.0.4g doesn't know what
cpus are past the pentium II. As later processors are for the most
part, backwards compatible, it's check routine sees any later chip as a
pentium II. This one is actually a dual P3/800mhz system running in SMP
mode. It has two processors, mated. It's a dinosaur, by standards of
the day, but, still a workhorse for the things in which I use it for. I
have much faster, more capable machines on this network, but, they
serve other purposes.

DAVID.TXT is a complete, unedited, copy of ALL the email
correspondence between him and myself, in the order it was
sent/received.


So you're attempting to bore me to death, well that's a new sort
of virus.

As I told you. It's zipped because, well, it doesn't
make sense to send a half meg file to everyone who wants a copy,


1/2 meg is **** all.


Sorry, I was raised in the time period that you didn't waste resources
just because you could. My first computers didn't have much ram, or
hard drives, etc. Back then, the computer didn't have much to play
with, so you wrote tight efficient code, and, you didn't waste
resources as you did so.

when I could send a smaller file instead. Why waste bandwidth
and resources of my domains provider?


because you're paying them ?


Nope. It was freely provided to me, years ago. I have full control over
it, too. But, that doesn't mean I should waste resources and bandwidth,
just because I can.

I *was* a nasty person, at one point. Many years ago. I've since
'changed my evil ways'


don't we all ?


No. Some still tend to do the same stupid things, over and over again.
Incapable of learning from their previous mistakes.

and used my skills for productive things,
that of a malware researcher instead of developer. Not that I
only developed malware, mind you, I did write other stuff too:


You develope malware ?


I have in the past, yes.

Alright then. David Brooks is a stalker (amongst other things)
and contacted me via email under false pretenses, asking about my
program, but, attempting to groom me to do some shady hacking for
his sole benefit, against two! web forums he was previously
banned from. The .zip is the complete and unedited email
correspondence, in order, between David Brooks and myself,
proving that what I've written above is true! Copied directly
from my Pegasus email client, no less.


well thanks for the warning but I'll treat him the same way I do
others that I donlt know, I won't download his zips either.


Fair enough.

A plain ASCII TEXT FILE. You can
open it in notepad. Notepad isn't going to run any macros, or
other 'code' of any kind. IE: I can't very well slip you a mickey
if you use notepad.


Mickey finn drummer from T.rex ;-)


Hah!

Your logic needs some work...If any actual malware expert, such
as myself, provided you a .zip file containing detailed
instructions (and likely additional files to remove the malware
from your machine for you), there'd be a logical reason for doing
so. (as outlined above).


Could be a double bluff. I've no more reason to trust what you
say than certain others I don't feel I know very well.


Sure, and hell could freeze over tonight. North Korea could send an
ICMP with a viable nuclear warhead by tomorrow afternoon. Is either
likely? No.


--
I would like to apologize for not having offended you yet.
Please be patient. I will get to you shortly.