OT: Vista's "ultimate" security :)
Bill Campbell
bill at celestial.com
Tue Feb 6 12:18:42 PST 2007
On Tue, Feb 06, 2007, Fairlight wrote:
>Simon--er, no...it was Kenneth Brody--said:
>>
>> Next, consider a malicious website that plays "bad" audio files.
>>
>> Perhaps a website which attempts to download an executable to
>> your system, and then plays an audio file which answers the
>> questions that the security warning popup would ask.
>
>Which was always my assumption behind the assertion that programs like
>Anzio should never have escape code command activation on by default. If
>you go to a site with a "bad" /etc/issue, you're just as screwed.
>
>And it's far easier to do than trigger voice activation. I'd consider it a
>broader target vector.
This isn't anything new. It goes back to the issue of dumb terminal
function keys, programmable from the computer. Imagine programming the F1
key to do something like ``rm -rf /'' or perhaps ``sudo rpm -rf /''.

On a somewhat related FilePro note, one of my customers had a FilePro
application where the original programmer made extensive use of computer
programmable function keys for the Radio Shack DT-100 terminals, hard coded
in C wrappers for his travel tours application. He assigned multi-key
sequences of commands which made things pretty easy to use. Unfortunately
everything was hard-coded for the DT-100, and he and his source code were
long gone. BTW, the program was compiled for '286 Xenix so it would only
run on SCO Unix.

Actually one of the more fun projects was to write a shim that ran between
the user's terminal/keyboard and the FilePro application. It's the only
time I've had to write a program that did a fork exec, with two processes
handling the i/o mapping the function keys to his codes, and changing the
mapping in response to the DT-100 codes received from the computer. This
is the only time I've ever had a program that really required using shared
memory as that's where I handled the function key mappings.

Fortunately that customer retired recently, and I no longer have to support
that software.
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
With Congress, every time they make a joke it's a law; and every time
they make a law it's a joke.
-- Will Rogers
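
Added example, not part of the original message or of any program named in it: one way to neutralize host-sent escape sequences in untrusted text (such as a login banner) before it reaches a terminal emulator, which is the exposure discussed in the thread. The function name, sample banner, and placeholder payload are constructed for illustration.

```python
import re

# One-pass tokenizer for terminal control sequences (7-bit and 8-bit C1 forms).
# Order matters: string-type controls first, then CSI, then short escapes,
# then any leftover control character, so nothing can be reassembled afterwards.
TOKEN = re.compile(
    # DCS/SOS/OSC/PM/APC strings run until ST (ESC \), BEL, or end of input.
    # DCS is the class VT220-style terminals use for user-defined key strings.
    r"(?P<string_control>(?:\x1b[PX\]^_]|[\x90\x98\x9d-\x9f])"
    r".*?(?:\x1b\\|\x07|\x9c|\Z))"
    # CSI: parameters 0x30-0x3f, intermediates 0x20-0x2f, final 0x40-0x7e.
    r"|(?P<csi>(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~])"
    # Other escape sequences (ESC, optional intermediates, final byte).
    r"|(?P<escape>\x1b[ -/]*[0-~])"
    # Remaining C0/C1 controls and DEL; tab and newline are kept.
    r"|(?P<control_char>[\x00-\x08\x0b-\x1f\x7f-\x9f])",
    re.DOTALL,
)


def sanitize(text):
    """Return (clean_text, findings); findings is a list of (kind, raw)."""
    findings = []

    def drop(match):
        findings.append((match.lastgroup, match.group(0)))
        return ""

    return TOKEN.sub(drop, text), findings


# Constructed sample banner; the DCS payload is a harmless placeholder.
SAMPLE = (
    "Welcome to host\n"
    "\x1b[1mAuthorized use only\x1b[0m\n"
    "\x1bPplaceholder-key-definition\x1b\\"
    "\x1b]0;title\x07"
    "login:\tplease\r\n"
)

if __name__ == "__main__":
    clean, found = sanitize(SAMPLE)
    print(clean, end="")
    for kind, raw in found:
        print(f"removed {kind}: {raw!r}")
```

An unterminated string control is treated as running to the end of the input, so a banner that opens a DCS and never closes it loses everything after the introducer rather than leaking it to the terminal.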