Editing Talk:1247: The Mother of All Suspicious Files
http://www.ip-tracker.org/locator/ip-lookup.php?ip=65.222.202.53, some place in the USA. Looks random, but still... - Actually this IP hosted some javascript that exploited some FF17 weaknesses on Windows NT during the last LEA TOR raid.
The IP address 65.222.202.53 geolocates to a Starbucks just outside the beltway in Washington, DC.
Someone mentioned you see the word Hackers as well as a pirated movie... In fact the pirated movie is the 1995 movie named Hackers. Edited it to make the reference clear.{{unsigned|Sonofaresiii}}
: Yes, this is a joke. I it is a comic. [[Special:Contributions/184.66.160.91|184.66.160.91]] 05:06, 7 August 2013 (UTC)
"...CO - looks like a top-level domain. Many countries use .co.tld in front of their main TLD, e.g. .co.uk...." Aha! I always thought co.uk meant "Cornwall, United Kingdom." And I couldn't figure out why all their domains were mediated through Cornwall. Every day, I meet a new opportunity to feel clueless...{{unsigned|24.79.13.247}}
I think a significant and unexplained element of the joke is the fact that by switching to https, the download would ''not'' be scanned by many anti-virus gateway products on the market, because the scanner is unable to inspect the content within the encrypted stream. By clicking on "Save" (if it weren't greyed out) without switching to https, the file is likely to be scanned for virus/malware signatures. By switching to https, this scanning is not available.
Also, I think the 255 character size is important, either as an attempt to overflow a buffer, or as a means to bypass a scanner (as some scanning systems limit their scope to only the start of a file, where virus signatures are generally found, to maintain throughput). Perhaps if the Windows filename limit is 255 characters, then a 256 character filename might not be detected as having a .EXE extension, thus bypassing a gateway scanner.
[[Special:Contributions/120.144.147.191|120.144.147.191]] 09:19, 7 August 2013 (UTC)
:When you save the file to your file system it is not encrypted any more. The virus scanner will test this file. The length of the file name is 250 characters because "FILE=" is not part of the name.--[[User:Dgbrt|Dgbrt]] ([[User talk:Dgbrt|talk]]) 10:48, 7 August 2013 (UTC)
::I think by “anti-virus gateway” he means something like a web proxy that scans all your traffic. That’s quite common in bigger networks – and quite annoying sometimes … [[User:Quoti|Quoti]] ([[User talk:Quoti|talk]]) 11:19, 7 August 2013 (UTC)
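To make the filename-length point in the exchange above concrete from the defender's side, here is an added Python example (written for this page, not code from the comic or from any commenter): a gateway check that truncates the filename to 255 characters before testing its extension, beside a hardened check that tests the full name, its truncated form, and the content's leading bytes. The 255-character limit, the Content-Disposition header and the sample filename are constructed assumptions, not measured properties of any product.

```python
"""Added illustration: why a download filter must not shorten a filename
before checking its extension. All sample data below is constructed."""
import re

NAME_LIMIT = 255  # assumed filesystem filename limit, as speculated above
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows PE executable


def filename_from_content_disposition(header: str) -> str:
    """Pull the filename out of a Content-Disposition header value."""
    m = re.search(r'filename\*?="?([^";]+)"?', header, re.IGNORECASE)
    return m.group(1).strip() if m else ""


def naive_is_executable(name: str) -> bool:
    """Weak check: truncates to the limit first, so a name longer than
    NAME_LIMIT loses its real extension before the test is applied."""
    truncated = name[:NAME_LIMIT]
    return any(truncated.lower().endswith(ext) for ext in EXEC_EXTENSIONS)


def hardened_is_suspicious(name: str, body_prefix: bytes) -> bool:
    """Defensive check: look at the full name, at the form a client might
    shorten it to, and at the content itself rather than the name alone."""
    lowered = name.lower()
    candidates = {lowered, lowered[:NAME_LIMIT]}
    # a name that already exceeds the limit is itself worth flagging
    too_long = len(name) > NAME_LIMIT
    by_name = any(c.endswith(ext) for c in candidates for ext in EXEC_EXTENSIONS)
    by_content = body_prefix.startswith(PE_MAGIC)
    return too_long or by_name or by_content


# constructed sample: a 252-character stem plus ".exe" gives a 256-char name
LONG_NAME = "holiday_photos_" + "x" * 237 + ".exe"
HEADER = f'attachment; filename="{LONG_NAME}"'
BODY = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-like file prefix

if __name__ == "__main__":
    name = filename_from_content_disposition(HEADER)
    print("naive check flags it:   ", naive_is_executable(name))
    print("hardened check flags it:", hardened_is_suspicious(name, BODY))
```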
I think the grayed out save button is a reference to Firefox behavior, which doesn't let you immediately save the file after the dialogue pops up. [[Special:Contributions/90.156.115.72|90.156.115.72]] 16:46, 8 August 2013 (UTC)
:No, this behavior is only valid for installing Add-ons, etc. When downloading a simple file you can save it immediately. But maybe there is an Add-on to change this.--[[User:Dgbrt|Dgbrt]] ([[User talk:Dgbrt|talk]]) 18:46, 8 August 2013 (UTC)
the '0day' could also be a reference to 0day warez, especially because it's right before the warezed movie reference... [[Special:Contributions/80.229.166.199|80.229.166.199]] 12:31, 10 August 2013 (UTC)