More problems for Missy

Robert S. Thau (
Tue, 4 Mar 1997 13:33:21 -0500 (EST)

BTW, the followup articles are worth picking through, if only to pick
up true classic quotes from Microsoft spokescreatures, like this
excerpt from the InfoWorld piece, reporting statements made by an MSIE
product manager with the too-good-to-be-true name of Dave ("Uncle"?)

Fester was quick to point out that the security breach
could be triggered only by someone who intentionally
sought to do so.

What a relief! But wait, there's more:

And the malicious Web author must know
what programs are on the remote computer in order to
target them, he said.

"A Webmaster has to know what specific programs are on
(the target's) hard drive, as well as the path to use to
activate through a link," said Fester.

In other words, a malicious third party can't reformat your hard disk
unless they know the path to the FORMAT program (which is, IIRC,
standard on all Windows installations). How comforting!

At least the reporter had the good sense to point that there's
something fishy about these reassurances, and almost manages to
correctly say what:

However, hackers with any knowledge of DOS and
Windows 95 know what programs are on a given PC. Also,
Greene and two other students who built several bug
demos, Geoffrey Elliott and Brian Morin, said a .BAT file
can be copied to the Internet Explorer cache and executed
from there, where the standard path points to all programs.

The error here, of course, is that the "hackers" don't necessarily
know *all* the programs on a given target PC. (For instance, a
hostile web server has no way of knowing if its client has Quicken
installed, though, come to think of it, it probably does know where it
*would* be installed if present). But that's a minor point anyway,
since the potential damage from the numerous programs whose location
the "hackers" *can* predict, particularly in light of the .BAT
loophole, is pretty much limitless.