Old May 18th 17, 12:40 PM posted to rec.photo.digital
Diesel
Where I keep my spare cats.

Whisky-dave Wed, 17 May 2017 09:52:18 GMT in rec.photo.digital, wrote:

aside from those who've used
vulnerable archiving tools, that is.


It's NOT the archiving tool that's the problem.


Well, actually, it can be, if the tool is vulnerable. Unless we're
talking about clicking on an executable you find inside the zip, or,
any other file that can support executable code/script/macro in one
way shape or form. A pdf, a .doc, xls file, etc.

The trick is, not clicking on an exe/pdf, etc, that might be
inside.


Why would you zip a PDF ?


I .zip all kinds of things. .Rar stuff too.

In this case, it's a straight txt file, with the appropriate
extension, so Windows won't be fooled into 'executing' it for
you.


It takes more than a few words from someone I don't know to
convince me of that.


You do know you can view the filename contents of the .zip file with
your archiving tool, without unzipping it, right? Your archiving
tool may even include its own internal viewer, which would have no
trouble opening a plain ascii text file; which is what's inside the
.zip file.

You seem concerned about the .zip file, but let me ask you
something. Do you click on the links that point to pictures being
shared here often? Did you know a properly malformed .jpg file if
viewed in a vulnerable viewer (or browser) can cause malicious
executable code to run on your machine simply by you 'viewing' the
picture? Do you click on the dropbox links? Do you blindly trust the
scripts it loads just to show you a picture? They do more than that,
but for the sake of my question, do you just trust them and click?

The .zip file itself is created with PKZIP v2.0.4g as well; it
has no 'exploit' options to dupe whatever archiving tool you use.


I'd have no idea who or what was used to create the zip.


That's alright. That's what file header data is for. As this
particular .zip file was created with the original software, it does
contain identification data inside the header. PKWARE (Creator of
PKZIP) is, btw, the originator of the .zip file format. The original
owner of the company and PKZIP/PKUNZIP, etcs, author has since
passed away. PK stands for Phil Katz, the originator of the .zip
file format.

https://en.wikipedia.org/wiki/PKZIP
https://en.wikipedia.org/wiki/ZIP_%28file_format%29
https://en.wikipedia.org/wiki/Phil_Katz
https://community.spiceworks.com/top...ndard-was-born

And, one can always check the domain the .zip is hosted on, if
they're concerned about its possible contents. Or the trust
issue.


It's the first step to take yes.


With you so far.

but if it were
http://bug-hunter.it-mate.com/bdemail1.zip


Did I post any such url? Nope.

You'll have to scroll down a little bit, but, they'll back me on the
domain I provided you:

http://www.completelyfreesoftware.com/du1_w31.html

And you can read the review they wrote for the program, if you'd
like. In the event the five doves isn't a big enough clue. The
program and the domain it's on is legitimate, as am I. The .zip file
is being hosted on my program's domain, and, I wouldn't risk the
domain OR tarnishing my reputation by hosting ANYTHING malicious on
it.


would this site be as trusted ?

There's no https which is what I'd look for .


Why would I bother with HTTPS for a site that has no interaction
with the user, and, isn't free to implement? What possible advantage
would it give me? And, by interaction, there's nothing for you to
login to, no place to leave a comment, nothing. It's very simple and
straightforward, old school html, without a single script. A 486
could render it with ease, on Windows 3.x using netscape. I have
nothing that requires a secure, encrypted session with you on that
site...

For more on the https or not to https, see here:

https://tech.slashdot.org/story/11/0...site-Use-HTTPS

Unless you don't trust that site, either.

I'm an expert malware researcher, BugHunter is my program, and
that's BugHunter's domain. It would take a second to remove the
.zip from the url and load the url without it and check that for
yourself. Easy.



why would I bother ?


Don't know. You seem concerned with the .zip file doing you harm.

Further, I'm also a former employee of Malwarebytes Corporation;
employed as, an expert malware researcher. Perhaps you've heard
of it?


No.


You've never heard of Malwarebytes Antimalware? Have you been living
under a rock, or, are you not a Windows user?

So, you see, I'd have nothing to gain by planting malware of any
kind on your machine or anyone else's, but, a whole lot to lose by
doing so.


it's your word and I don't know who you are.


I told you who I am. As well as what's on the site I previously
provided a link to. The .zip file contains a single, ASCII TEXT
file. Do you think by opening the unzipped file in NOTEPAD, any harm
would come to your system?

using PKUNZIP -vn bdemail1.zip:

PKUNZIP (R) FAST! Extract Utility Version 2.50 03-01-1999
Copr. 1989-1999 PKWARE Inc. All Rights Reserved. Shareware Version
PKUNZIP Reg. U.S. Pat. and Tm. Off.

■ Pentium II class CPU detected.
■ XMS version 2.00 detected.
■ DPMI version 0.90 detected.

Searching ZIP: BDEMAIL1.ZIP

 Length  Method    Size  Ratio     Date     Time   CRC-32   Attr  Name
 ------  ------   ------ -----     ----     ----  --------  ----  ----
 507425  DeflatX  191803  63%   03-14-2017  10:19 8e305db1  --wa  DAVID.TXT
 ------           ------  ---                                     -------
 507425           191803  63%                                           1

DAVID.TXT is a complete, unedited, copy of ALL the email
correspondence between him and myself, in the order it was
sent/received. As I told you. It's zipped because, well, it doesn't
make sense to send a half meg file to everyone who wants a copy,
when I could send a smaller file instead. Why waste bandwidth and
resources of my domain's provider?

And, some of David's replies contain HTML code because he insisted
upon sending plain text AND html of the same; and I made no edits of
ANY kind. My email client, Pegasus ignores html and shows me
plaintext only, but the 'raw' contents are still there. A modern
browser probably wouldn't try to render any of it, if I provided the
file raw on the site, instead of being .zipped instead, but, why
chance it? Notepad certainly won't render any html.

I was simply giving you and others a friendly heads up concerning
David Brooks.


I have no more reason to believe he is a nasty person than you are.


I *was* a nasty person, at one point. Many years ago. I've since
'changed my evil ways' and used my skills for productive things,
that of a malware researcher instead of developer. Not that I only
developed malware, mind you, I did write other stuff too:

http://bughunter.it-mate.co.uk/core/

If you have something to say say it don't hide it behind a zip.


Alright then. David Brooks is a stalker (amongst other things) and
contacted me via email under false pretenses, asking about my
program, but, attempting to groom me to do some shady hacking for
his sole benefit, against two! web forums he was previously banned
from. The .zip is the complete and unedited email correspondence, in
order, between David Brooks and myself, proving that what I've
written above is true! Copied directly from my Pegasus email client,
no less.

How about proving what you say is correct rather than just offer a
zip file without saying what's in it.


I told you what's inside of it. A plain ASCII TEXT FILE. You can
open it in notepad. Notepad isn't going to run any macros, or other
'code' of any kind. IE: I can't very well slip you a mickey if you
use notepad.

Is this what malware security 'experts do' tell people that if
you don't want malware download this zip to find out how not to
get a virus....


Your logic needs some work...If any actual malware expert, such as
myself, provided you a .zip file containing detailed instructions
(and likely additional files to remove the malware from your machine
for you), there'd be a logical reason for doing so. (as outlined
above).




--
I would like to apologize for not having offended you yet.
Please be patient. I will get to you shortly.
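
The listing step discussed in the post above (viewing an archive's contents and header data without unzipping it), as an added example that is not part of the original post or the poster's own code. It reads only the ZIP central directory through Python's standard `zipfile` module; the sample archive, the member names and the `RISKY_EXT` list are constructed for illustration.

```python
import io
import zipfile

# Illustrative (assumed) list of types that can run or carry macros/scripts.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs",
             ".doc", ".docm", ".xls", ".xlsm", ".pdf"}
METHODS = {zipfile.ZIP_STORED: "Stored", zipfile.ZIP_DEFLATED: "Deflated"}
HOSTS = {0: "MS-DOS/FAT", 3: "Unix", 10: "NTFS"}


def list_zip(data: bytes) -> list[dict]:
    """Report each member from the central directory; nothing is decompressed."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Only the final extension decides how Windows treats the file.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            saved = 0
            if info.file_size:
                saved = round(100 * (1 - info.compress_size / info.file_size))
            rows.append({
                "name": name,
                "length": info.file_size,
                "method": METHODS.get(info.compress_type, str(info.compress_type)),
                "size": info.compress_size,
                "ratio_pct": saved,
                "crc32": f"{info.CRC:08x}",
                # "Version made by" fields: written by the creating tool, so
                # they are a hint about its origin, not proof of it.
                "host": HOSTS.get(info.create_system, str(info.create_system)),
                "spec_version": info.create_version / 10,
                "risky": ext in RISKY_EXT,
            })
    return rows


def build_sample() -> bytes:
    """Constructed archive: one plain-text member, one double-extension member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("DAVID.TXT", "constructed sample text\n" * 100)
        zf.writestr("photo.jpg.exe", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for row in list_zip(build_sample()):
        print(row)
```

The CRC-32 shown here can be compared against a value published out of band, such as the one in the PKUNZIP listing above, before anything is extracted.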