Re: [BLACKBOX] Serious bug in BlackBox from [at]} on 2010-05-23 (BB-FullArchive.mbox)

From: [at]} <Wojtek>
Date: Sun, 23 May 2010 09:46:37 -0400

----boundary-LibPST-iamunique-430736328_-_-
Content-type: text/plain

Oleg:

I am sorry. There were some attacks on this e-mail list recently. I
looked at the module not under BlackBox, but under the browser viewer
where it looked very suspect. You used the word "same", but the code
looked very different. And it manipulated the registry. This was enough
for me to suspect some clever attacker.

I do admit that this kind of attack would be strange, because who on the
Earth would want to attack this niche community? On the other hand, who on
the Earth is attacking other computer users?

So while I do apologize, you also should have said in your message that
"all uncommented code is the same". This would have been clear. But since
you said "same", and it was not true, it triggered my response.

W.

On Sun, 23 May 2010, Oleg N. Cher wrote:

> Hey Wojtek,
>
> Wojtek Skulski wrote:
>
>> I opened the "same" module and it does not look the same.
>
> Do you look in module with two eyes? ALL UNCOMMENTED CODE really do the same.
>
>> It rahter looks like it is trying to directly modify something in
>> registry, which is never a good thing to do without knowing what one is
>> doing.
>
> Target of this module IN MY REAL PROJECT really is modifying registry
> to remove recycle bin from the desktop. Because some of Windows users
> never use recycle bin, since they understand that do, while deleting
> file, and do not need for insurance their own action in 2 steps.
>
> If you have looked at this module MORE ATTENTIVELY, you'll see that
> ALL PROGRAM CODE THAT WORKING WITH THE REGISTRY IS COMMENTED in (* *) .
> And about what dumb internet attacks did you say?
>
> Then thank you for some clever answer.
>
> And really thank to Chris Burrows! It's goal!
>
> Respectfully yours,
> Oleg N. Cher, Vedanta software
>
>
> ----
> To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to
> LISTSERV{([at]})nowhere.xy
>
>

----
To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy----boundary-LibPST-iamunique-430736328_-_-
Content-type: application/rtf
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="rtf-body.rtf"
e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZnJvbXRleHQgXGRlZmYwe1xmb250dGJsDQp7XGYwXGZz
d2lzcyBBcmlhbDt9DQp7XGYxXGZtb2Rlcm4gQ291cmllciBOZXc7fQ0Ke1xmMlxmbmlsXGZjaGFy
c2V0MiBTeW1ib2w7fQ0Ke1xmM1xmbW9kZXJuXGZjaGFyc2V0MCBDb3VyaWVyIE5ldzt9fQ0Ke1xj
b2xvcnRibFxyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxncmVlbjBcYmx1ZTI1NTt9DQpcdWMxXHBh
cmRccGxhaW5cZGVmdGFiMzYwIFxmMFxmczIwIE9sZWc6XHBhcg0KXHBhcg0KICAgSSBhbSBzb3Jy
eS4gVGhlcmUgd2VyZSBzb21lIGF0dGFja3Mgb24gdGhpcyBlLW1haWwgbGlzdCByZWNlbnRseS4g
SSBccGFyDQpsb29rZWQgYXQgdGhlIG1vZHVsZSBub3QgdW5kZXIgQmxhY2tCb3gsIGJ1dCB1bmRl
ciB0aGUgYnJvd3NlciB2aWV3ZXIgXHBhcg0Kd2hlcmUgaXQgbG9va2VkIHZlcnkgc3VzcGVjdC4g
WW91IHVzZWQgdGhlIHdvcmQgInNhbWUiLCBidXQgdGhlIGNvZGUgXHBhcg0KbG9va2VkIHZlcnkg
ZGlmZmVyZW50LiBBbmQgaXQgbWFuaXB1bGF0ZWQgdGhlIHJlZ2lzdHJ5LiBUaGlzIHdhcyBlbm91
Z2ggXHBhcg0KZm9yIG1lIHRvIHN1c3BlY3Qgc29tZSBjbGV2ZXIgYXR0YWNrZXIuXHBhcg0KXHBh
cg0KSSBkbyBhZG1pdCB0aGF0IHRoaXMga2luZCBvZiBhdHRhY2sgd291bGQgYmUgc3RyYW5nZSwg
YmVjYXVzZSB3aG8gb24gdGhlIFxwYXINCkVhcnRoIHdvdWxkIHdhbnQgdG8gYXR0YWNrIHRoaXMg
bmljaGUgY29tbXVuaXR5PyBPbiB0aGUgb3RoZXIgaGFuZCwgd2hvIG9uIFxwYXINCnRoZSBFYXJ0
aCBpcyBhdHRhY2tpbmcgb3RoZXIgY29tcHV0ZXIgdXNlcnM/XHBhcg0KXHBhcg0KU28gd2hpbGUg
SSBkbyBhcG9sb2dpemUsIHlvdSBhbHNvIHNob3VsZCBoYXZlIHNhaWQgaW4geW91ciBtZXNzYWdl
IHRoYXQgXHBhcg0KImFsbCB1bmNvbW1lbnRlZCBjb2RlIGlzIHRoZSBzYW1lIi4gVGhpcyB3b3Vs
ZCBoYXZlIGJlZW4gY2xlYXIuIEJ1dCBzaW5jZSBccGFyDQp5b3Ugc2FpZCAic2FtZSIsIGFuZCBp
dCB3YXMgbm90IHRydWUsIGl0IHRyaWdnZXJlZCBteSByZXNwb25zZS5ccGFyDQpccGFyDQpXLlxw
YXINClxwYXINCk9uIFN1biwgMjMgTWF5IDIwMTAsIE9sZWcgTi4gQ2hlciB3cm90ZTpccGFyDQpc
cGFyDQo+IEhleSBXb2p0ZWssXHBhcg0KPlxwYXINCj4gV29qdGVrIFNrdWxza2kgd3JvdGU6XHBh
cg0KPlxwYXINCj4+IEkgb3BlbmVkIHRoZSAic2FtZSIgbW9kdWxlIGFuZCBpdCBkb2VzIG5vdCBs
b29rIHRoZSBzYW1lLlxwYXINCj5ccGFyDQo+IERvIHlvdSBsb29rIGluIG1vZHVsZSB3aXRoIHR3
byBleWVzPyBBTEwgVU5DT01NRU5URUQgQ09ERSByZWFsbHkgZG8gdGhlIHNhbWUuXHBhcg0KPlxw
YXINCj4+IEl0IHJhaHRlciBsb29rcyBsaWtlIGl0IGlzIHRyeWluZyB0byBkaXJlY3RseSBtb2Rp
Znkgc29tZXRoaW5nIGluXHBhcg0KPj4gcmVnaXN0cnksIHdoaWNoIGlzIG5ldmVyIGEgZ29vZCB0
aGluZyB0byBkbyB3aXRob3V0IGtub3dpbmcgd2hhdCBvbmUgaXNccGFyDQo+PiBkb2luZy5ccGFy
DQo+XHBhcg0KPiBUYXJnZXQgb2YgdGhpcyBtb2R1bGUgSU4gTVkgUkVBTCBQUk9KRUNUIHJlYWxs
eSBpcyBtb2RpZnlpbmcgcmVnaXN0cnlccGFyDQo+IHRvIHJlbW92ZSByZWN5Y2xlIGJpbiBmcm9t
IHRoZSBkZXNrdG9wLiBCZWNhdXNlIHNvbWUgb2YgV2luZG93cyB1c2Vyc1xwYXINCj4gbmV2ZXIg
dXNlIHJlY3ljbGUgYmluLCBzaW5jZSB0aGV5IHVuZGVyc3RhbmQgdGhhdCBkbywgd2hpbGUgZGVs
ZXRpbmdccGFyDQo+IGZpbGUsIGFuZCBkbyBub3QgbmVlZCBmb3IgaW5zdXJhbmNlIHRoZWlyIG93
biBhY3Rpb24gaW4gMiBzdGVwcy5ccGFyDQo+XHBhcg0KPiBJZiB5b3UgaGF2ZSBsb29rZWQgYXQg
dGhpcyBtb2R1bGUgTU9SRSBBVFRFTlRJVkVMWSwgeW91J2xsIHNlZSB0aGF0XHBhcg0KPiBBTEwg
UFJPR1JBTSBDT0RFIFRIQVQgV09SS0lORyBXSVRIIFRIRSBSRUdJU1RSWSBJUyBDT01NRU5URUQg
aW4gKCogKikgLlxwYXINCj4gQW5kIGFib3V0IHdoYXQgZHVtYiBpbnRlcm5ldCBhdHRhY2tzIGRp
ZCB5b3Ugc2F5P1xwYXINCj5ccGFyDQo+IFRoZW4gdGhhbmsgeW91IGZvciBzb21lIGNsZXZlciBh
bnN3ZXIuXHBhcg0KPlxwYXINCj4gQW5kIHJlYWxseSB0aGFuayB0byBDaHJpcyBCdXJyb3dzISBJ
dCdzIGdvYWwhXHBhcg0KPlxwYXINCj4gUmVzcGVjdGZ1bGx5IHlvdXJzLFxwYXINCj4gT2xlZyBO
LiBDaGVyLCBWZWRhbnRhIHNvZnR3YXJlXHBhcg0KPlxwYXINCj5ccGFyDQo+IC0tLS1ccGFyDQo+
IFRvIHVuc3Vic2NyaWJlLCBzZW5kIGEgbWVzc2FnZSB3aXRoIGJvZHkgIlNJR05PRkYgQkxBQ0tC
T1giIHRvIFxwYXINCj4gTElTVFNFUlZATElTVFMuT0JFUk9OLkNIXHBhcg0KPlxwYXINCj5ccGFy
DQpccGFyDQpccGFyDQotLS0tXHBhcg0KVG8gdW5zdWJzY3JpYmUsIHNlbmQgYSBtZXNzYWdlIHdp
dGggYm9keSAiU0lHTk9GRiBCTEFDS0JPWCIgdG8gTElTVFNFUlZATElTVFMuT0JFUk9OLkNIXHBh
cg0KfQ==
----boundary-LibPST-iamunique-430736328_-_---

Received on Sun May 23 2010 - 15:46:37 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:31 UTC