New Google Chrome (v4.1.249.1036) released, fixes multiple security vulnerabilities. More information at http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html

Dangers of copy&paste

Published: 2010-03-18
Last Updated: 2010-03-18 20:51:26 UTC
by Bojan Zdrnja (Version: 1)
5 comment(s)

One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. I am pasting the original, as it was on the web site below (of course, do not run this):

@echo off
echo Stopping print spooler.
echo.
net stop spooler
echo deleting stuff... where? I'm not sure. Just deleting stuff.
echo.
FOR %%A IN (%systemroot%  system32  spool  printers     *.*) DO DEL %%A
echo Starting print spooler.
echo.
net start spooler

The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author (accidentally?) added couple of white spaces so this script became extremely dangerous: it will try to delete all files in the %systemroot% directory, in C: and in the current directory.

This simple error shows how dangerous it can be to just blindly copy&paste stuff off the Internet and run it in your environment. While in this case it was easy to spot the error since the whole script is only 10 lines long, in other cases we should be very careful.

I also noticed another thing very popular today – in order to faster download stuff off the Internet (legal stuff, such as Linux distributions), people tend to use a lot of different utilities that are supposed to provide faster download speeds. Such utilities can be simple Bittorrent clients or dubious utilities that will download unverified things from even more dubious web sites. And this leads me to a question: how many of you verify integrity of files you download? It would be interesting to compare the number of downloaded ISO images of popular Linux distributions with the number of downloaded checksum files – I fear that less than 1% people verify what they download. I hope in time this number will increase!

--
Bojan

 

Keywords: integrity
5 comment(s)

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives