SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Wizard silver trophy TheOriginalH's Avatar
    Join Date
    Aug 2000
    Location
    Thailand
    Posts
    4,810
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    OK, so how did they do that??!

    I was telling a colleague about ihatemicrosoft.com - which used to throw up an infinate number of pop-ups until your pc crashed if you used IE to visit it..

    That has now changed - it shows you the contents of your C: instead - how??
    ~The Artist Latterly Known as Crazy Hamster~
    922ee590a26bd62eb9b33cf2877a00df
    Currently delving into Django, GIT & CentOS

  2. #2
    Shiver me timbers!! anthony_irl's Avatar
    Join Date
    Aug 1999
    Location
    Dublin, Ireland
    Posts
    495
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That is mad! I assume it's through the use of an applet
    Anthony - How's tings?

    24 hours in a day, 24 beers in a case. Coincidence? I think not.
    Contact me by: PM Email NEW! Carrier Pigeon

  3. #3
    Serial Publisher silver trophy aspen's Avatar
    Join Date
    Aug 1999
    Location
    East Lansing, MI USA
    Posts
    12,937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, java applets are secure.

    Its through use of ActiveX, microsoft's insecure wannabe.
    Chris Beasley - I publish content and ecommerce sites.
    Featured Article: Free Comprehensive SEO Guide
    My Guide to Building a Successful Website
    My Blog|My Webmaster Forums

  4. #4
    @russellg RussellG's Avatar
    Join Date
    Jun 2000
    Location
    Gold Coast, Queensland
    Posts
    449
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That site is pathetic.
    russell.cz.cc - coming soon (I promise!)

  5. #5
    SitePoint Wizard silver trophy Jeremy W.'s Avatar
    Join Date
    Jun 2001
    Location
    Toronto, Canada
    Posts
    9,121
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    It's not really an ActiveX control at all. I know it looks like one, but it isn't what it looks like.

    It's simply a call to the IFrame mechanism via ActiveX. What does the IFRame contain? file:///c:/ as the location.

    Nothing is being communicated to anyone, nothing is happening, this is the exact same thing as me making an iframe and putting the location as file:///c:/.
    SVP Marketing, SoCast SRM
    Personal blog: Strategerize
    Twitter: @jeremywright

  6. #6
    Shiver me timbers!! anthony_irl's Avatar
    Join Date
    Aug 1999
    Location
    Dublin, Ireland
    Posts
    495
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by aspen
    No, java applets are secure.

    Its through use of ActiveX, microsoft's insecure wannabe.
    I retract my previous statement.
    Anthony - How's tings?

    24 hours in a day, 24 beers in a case. Coincidence? I think not.
    Contact me by: PM Email NEW! Carrier Pigeon

  7. #7
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I've seen this done before.

    I do not have a URL as it was an unwanted popup and I closed it (although it did catch my attention for a while).

    I found it to be really pathetic. Upon second inspection it was so obviously a windows explorer type view of file:///c:/

    However, I can see how this could have fooled some people, through no fault of their own, and I just really feel sorry for the people who saw this and decided to download the scumware that the site was advertising, thinking it would protect their privacy.

    Surely this is unfair trading and there must be a consumer complaints organisation that you can complain to in the US about this kind of thing. Would complaining to a US host likely get this kind of thing shut down?
    [mmj] My magic jigsaw
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The Bit Depth Blog Twitter Contact me
    Neon Javascript Framework Jokes Android stuff

  8. #8
    Prolific Blogger silver trophy Technosailor's Avatar
    Join Date
    Jun 2001
    Location
    Before These Crowded Streets
    Posts
    9,446
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by mmj
    Surely this is unfair trading and there must be a consumer complaints organisation that you can complain to in the US about this kind of thing. Would complaining to a US host likely get this kind of thing shut down?
    I find this absolutely absurd. Sure it's a stupid business practice - unethical in every way - but come on, they have a right to put that up. There is no slander or libel. There is no extortion. No crime is being committed except the crime of unethical business practices.

    I don't agree with this, but I don't think we need to stoop to censorship either...

    Sketch
    Aaron Brazell
    Technosailor



  9. #9
    SitePoint Wizard silver trophy TheOriginalH's Avatar
    Join Date
    Aug 2000
    Location
    Thailand
    Posts
    4,810
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by mmj

    I found it to be really pathetic. Upon second inspection it was so obviously a windows explorer type view of file:///c:/
    Which in itself can be harmfull. Yesterday I tried viewing the site using our Citrix service (thin client). Sure enough, it displayed the contents of the C: of the Citrix box (which I should be unable to see). Not only that, but clicking on the icons inside actually allowed me to open and edit files. I could not delete or paste new files (Win security finally kicked in), but the fact I was in there at all proves that this is NOT a harmless flaw....
    ~The Artist Latterly Known as Crazy Hamster~
    922ee590a26bd62eb9b33cf2877a00df
    Currently delving into Django, GIT & CentOS

  10. #10
    SitePoint Wizard silver trophy Jeremy W.'s Avatar
    Join Date
    Jun 2001
    Location
    Toronto, Canada
    Posts
    9,121
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    If it is possible from a website, it is possible using file:///c:/ as your address, meaning it is possible using Windows Explorer. They all inherit the same permissions
    SVP Marketing, SoCast SRM
    Personal blog: Strategerize
    Twitter: @jeremywright

  11. #11
    SitePoint Wizard silver trophy TheOriginalH's Avatar
    Join Date
    Aug 2000
    Location
    Thailand
    Posts
    4,810
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Not so. Windows explorer does not run (or is not set up to run) on the system. Typing file:///c:/ into Internet Explorer is also blocked. Clicking the icons on that page opens it in IE.

    Active x has been switched off by our IT team.
    ~The Artist Latterly Known as Crazy Hamster~
    922ee590a26bd62eb9b33cf2877a00df
    Currently delving into Django, GIT & CentOS

  12. #12
    Say WHA?! goober's Avatar
    Join Date
    Sep 2000
    Location
    United States
    Posts
    1,921
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Right, considering that Internet explorer is a Shell of windows explorer (it can view windows folders, etc.) it can be used like windows explorer. Thus, when a link points to C:, IE merely opens up that users folder and displays the contents to just that user.

    However, what TheOriginalH mentioned about his Citrix box was unnerving. Have you reported that bug, H?

    'Till next time..
    Sean Killeen [LinkedIn] [Twitter] [Web]

    Warning: Reality.sys corrupted. Universe halted. Reboot? (Y/N)

  13. #13
    SitePoint Wizard silver trophy TheOriginalH's Avatar
    Join Date
    Aug 2000
    Location
    Thailand
    Posts
    4,810
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I think the IT team were flustered enough to make a call
    ~The Artist Latterly Known as Crazy Hamster~
    922ee590a26bd62eb9b33cf2877a00df
    Currently delving into Django, GIT & CentOS


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •