1 Jul
2008
1 Jul
'08
12:16 p.m.
Rob Pickering <rob@pickering.org> writes:
Or .com. Oddly enough I just now found a Windows box and typed "command.com" in a browser URL bar and it did what I expected, when I typed the same thing at a cmd prompt it did something different and I expected that too.
1. Copy \windows\system32\cmd.exe to the desktop. 2. Run internet exploder. 3. Type "cmd.exe" in the address bar and observe what happens. I don't know about you, but given ie's default download location, and your (apparently common) erroneous expectation, this looks ripe for social engineering to me.