Comments:	Authenticated sender is <alaric+abwillms AT sdps DOT demon DOT co DOT uk>
From:	"Alaric B. Williams" <alaric AT abwillms DOT demon DOT co DOT uk>
To:	"Mike A. Harris" <mharris AT blackwidow DOT saultc DOT on DOT ca>
Date:	Fri, 21 Mar 1997 07:09:15 +0000
MIME-Version:	1.0
Subject:	Re: [opendos] OpenDOS Startup logo [brannanp]
Reply-to:	alaric AT abwillms DOT demon DOT co DOT uk
CC:	opendos AT mail DOT tacoma DOT net
References:	<Pine DOT BSI DOT 3 DOT 95 DOT 970313211309 DOT 23078A-100000 AT infomatch DOT com>
In-reply-to:	<Pine.LNX.3.95.970320045722.12128x-100000@capslock.com>
Message-ID:	<858927993.1021740.0@abwillms.demon.co.uk>

On 20 Mar 97 at 4:58, Mike A. Harris wrote:

> HAHAHAH!! I love pulling tricks like that on unsuspecting
> victims!

Well you should see what people do with the Acorn machines at school! Their
OS is nice and flexible, to a certain extent, but TOTALLY insecure.

Eg: Click on a drive icon to get a menu, drag the menu, tap Escape, stop dragging;
disk driver crashes, we lose a disk drive until the next reboot (yippee!)

Eg: Today, a friend and I uprooted a cache of porn on one of the 
system. The application itself was just a stub that invoked a DLL-type thing
that hooked the filer, turning an innocent file deep within a certain application
into a directory full of pornographic JPEGs, and invoking an HTML browser in that
directory (through a chain of environment variables to hide the pathname) to scroll
the pages (they were quite professionally done, actually!). Thing is, the silly idiot
had left the "Username:" field in the browser's configuration file filled in when
he made the copy.

Oh yeah, it was stored on a part of the disk that's password protected, BTW. He'd 
written a program that scabbed the password from the CMOS as well.

Anyway, we have his name. FLAMED!!!


ABW
--
Alaric B. Williams (alaric AT abwillms DOT demon DOT co DOT uk)

   ---<## OpenDOS FAQ ##>---
Plain HTML: http://www.delorie.com/opendos/faq/

- Raw text -