There’s a proof of concept where someone could send you an HTML file and then get you to rename the entire file including the extension.
I’m unclear if JScript is the same as JavaScript, so if people are wondering, please let me know what you find out.
This uses social engineering to get you to open the page, and according to what I’m reading, it’ll ask you to save it as a web page, then rename the entire file including its extension.
I’ll tell you that Windows does say it’ll change the way the file is run (paraphrasing), so be aware of that.
“New FileFix attack runs JScript while bypassing Windows MoTW alerts” is the article for you to read if you want to learn more. I urge you to at least take a look.
I’ve talked about the fact I’d see these types of things after reading something like this, but I can’t force the issue.
Make it a great day.
Well.
That’s another interesting run off I guess.
I am unsure how that will play out but with most emails in html format that could be a problem.
I like my web formatted email personally.
Do you really think though that anyone would fall to download and rename a file though?
No one generally does that.
Still if it exists it will be used and so we must secure against it.
I just hope it doesn’t make it so bad to get emails with stuff.
Then again ever since all the security stupidness I try not to send any attachments unless it’s required.
I can control it if I upload it to my cloud store on Dropbox.
I then kill them after a little bit.
If I receive or send attachments I will kill them after I’m done.
With the way things have gone, attachments are not the best way to send stuff as it is.
It’s easier to send Dropbox links and more convenient anyway.