DNS and potential energy

Daniel Hagerty hag at linnaean.org
Tue Jul 1 11:16:20 CDT 2008


Rob Pickering <rob at pickering.org> writes:

> Or .com. Oddly enough I just now found a Windows box and typed 
> "command.com" in a browser URL bar and it did what I expected, when I 
> typed the same thing at a cmd prompt it did something different and I 
> expected that too.

1. Copy \windows\system32\cmd.exe to the desktop.

2. Run internet exploder.

3. Type "cmd.exe" in the address bar and observe what happens.

I don't know about you, but given ie's default download location, and
your (apparently common) erroneous expectation, this looks ripe for
social engineering to me.




More information about the NANOG mailing list