phpbb and sql errors asp sqlserver odbc sql errors
click to see newsfeed

Newsfeed
(click to hide)

about this feed

Today´s Diary

If you have more information or corrections regarding our diary, please share.

New Google Chrome (v4.1.249.1036) released, fixes multiple security vulnerabilities. More information at http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html
Share |
Published: 2010-03-18,
Last Updated: 2010-03-18 20:51:26 UTC
by Bojan Zdrnja (Version: 1)
4 comment(s)

One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. I am pasting the original, as it was on the web site below (of course, do not run this):

@echo off
echo Stopping print spooler.
echo.
net stop spooler
echo deleting stuff... where? I'm not sure. Just deleting stuff.
echo.
FOR %%A IN (%systemroot%  system32  spool  printers     *.*) DO DEL %%A
echo Starting print spooler.
echo.
net start spooler

The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author (accidentally?) added couple of white spaces so this script became extremely dangerous: it will try to delete all files in the %systemroot% directory, in C: and in the current directory.

This simple error shows how dangerous it can be to just blindly copy&paste stuff off the Internet and run it in your environment. While in this case it was easy to spot the error since the whole script is only 10 lines long, in other cases we should be very careful.

I also noticed another thing very popular today – in order to faster download stuff off the Internet (legal stuff, such as Linux distributions), people tend to use a lot of different utilities that are supposed to provide faster download speeds. Such utilities can be simple Bittorrent clients or dubious utilities that will download unverified things from even more dubious web sites. And this leads me to a question: how many of you verify integrity of files you download? It would be interesting to compare the number of downloaded ISO images of popular Linux distributions with the number of downloaded checksum files – I fear that less than 1% people verify what they download. I hope in time this number will increase!

--
Bojan

 

Keywords: integrity
4 comment(s)

If you have more information or corrections regarding our diary, click here to contact us.

Diary Archive

DateAuthorTitle
2010-03-18Bojan Zdrnja Dangers of copy&paste
2010-03-17Deborah Hale Trojan outbreak on a College Campus
2010-03-17Deborah Hale Spam was killing us! Here is what we did to help!
2010-03-16Lenny Zeltser Internet Explorer 9 "Platform Preview" Now Available From Microsoft
2010-03-16Lenny Zeltser Trouble Ticket Express Exploit in the Wild a Day After the Vulnerability Announcement
2010-03-15Adrien de Beaupre Spamassassin Milter Plugin Remote Root Attack
2010-03-14Marcus Sachs DST Issue in Windows 7 Ultimate?
2010-03-13Marcus Sachs Evil Sports Sites
2010-03-11donald smith Cert write up on Skype IMBot Logic and Functionality.
2010-03-11donald smith Interesting SKYPE SPIM.
Complete Archive
Search Diaries: