Editing Talk:1247: The Mother of All Suspicious Files
Latest revision | Your text | ||
Line 3: | Line 3: | ||
http://www.ip-tracker.org/locator/ip-lookup.php?ip=65.222.202.53, some place in the USA. Looks random, but still... - Actually this IP hosted some javascript that exploited some FF17 weaknesses on Windows NT during the last LEA TOR raid. | http://www.ip-tracker.org/locator/ip-lookup.php?ip=65.222.202.53, some place in the USA. Looks random, but still... - Actually this IP hosted some javascript that exploited some FF17 weaknesses on Windows NT during the last LEA TOR raid. | ||
− | The IP address 65.222.202.53 geolocates to a Starbucks just outside the beltway in Washington. DC. | + | The IP address 65.222.202.53 geolocates to a Starbucks just outside the beltway in Washington. DC. |
Someone mentioned you see the word Hackers as well as a pirated movie... In fact the pirated movie is the 1995 movie named Hackers. Edited it to make the reference clear.{{unsigned|Sonofaresiii}} | Someone mentioned you see the word Hackers as well as a pirated movie... In fact the pirated movie is the 1995 movie named Hackers. Edited it to make the reference clear.{{unsigned|Sonofaresiii}} | ||
Line 34: | Line 34: | ||
: Yes, this is a joke. I it is a comic. [[Special:Contributions/184.66.160.91|184.66.160.91]] 05:06, 7 August 2013 (UTC) | : Yes, this is a joke. I it is a comic. [[Special:Contributions/184.66.160.91|184.66.160.91]] 05:06, 7 August 2013 (UTC) | ||
− | |||
− | |||
"...CO - looks like a top-level domain. Many countries use .co.tld in front of their main TLD, e.g. .co.uk...." Aha! I always thought co.uk meant "Cornwall, United Kingdom." And I couldn't figure out why all their domains were mediated through Cornwall. Every day, I meet a new opportunity to feel clueless...{{unsigned|24.79.13.247}} | "...CO - looks like a top-level domain. Many countries use .co.tld in front of their main TLD, e.g. .co.uk...." Aha! I always thought co.uk meant "Cornwall, United Kingdom." And I couldn't figure out why all their domains were mediated through Cornwall. Every day, I meet a new opportunity to feel clueless...{{unsigned|24.79.13.247}} | ||
− | |||
− | |||
On a scale of 'party' to 'judge' in the 'Sketchiness' scale ( http://www.explainxkcd.com/wiki/index.php?title=Sketchiness ), how sketchy is this file? [[User:Greyson|Greyson]] ([[User talk:Greyson|talk]]) 13:38, 6 August 2013 (UTC) | On a scale of 'party' to 'judge' in the 'Sketchiness' scale ( http://www.explainxkcd.com/wiki/index.php?title=Sketchiness ), how sketchy is this file? [[User:Greyson|Greyson]] ([[User talk:Greyson|talk]]) 13:38, 6 August 2013 (UTC) | ||
Line 56: | Line 52: | ||
I think a significant and unexplained element of the joke is the fact that by switching to https, the download would ''not'' be scanned by many anti-virus gateway products on the market, because the scanner is unable to inspect the content within the encrypted stream. By clicking on "Save" (if it weren't greyed out) without switching to https, the file is likely to be scanned for virus/malware signatures. By switching to https, this scanning is not available. | I think a significant and unexplained element of the joke is the fact that by switching to https, the download would ''not'' be scanned by many anti-virus gateway products on the market, because the scanner is unable to inspect the content within the encrypted stream. By clicking on "Save" (if it weren't greyed out) without switching to https, the file is likely to be scanned for virus/malware signatures. By switching to https, this scanning is not available. | ||
− | Also, I think the 255 character size is important, either as an attempt to overflow a buffer, or as as a means to bypass a scanner (as some scanning systems limit their scope to only the start of a file, where virus signatures are generally found, to maintain throughput). Perhaps if the Windows filename limit is 255 characters, then a 256 character filename might not be detected as having a .EXE extension, thus bypassing a gateway scanner. | + | Also, I think the 255 character size is important, either as an attempt to overflow a buffer, or as as a means to bypass a scanner (as some scanning systems limit their scope to only the start of a file, where virus signatures are generally found, to maintain throughput). Perhaps if the Windows filename limit is 255 characters, then a 256 character filename might not be detected as having a .EXE extension, thus bypassing a gateway scanner. |
+ | |||
[[Special:Contributions/120.144.147.191|120.144.147.191]] 09:19, 7 August 2013 (UTC) | [[Special:Contributions/120.144.147.191|120.144.147.191]] 09:19, 7 August 2013 (UTC) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |