Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Missing the problem by a mile (Score 1) 499

by arth1 (#49174109) Attached to: Why We Should Stop Hiding File-Name Extensions

If you put an infected executable on my machine and gave it a TXT file extension it's totally harmless. So it tries to open the file in notepad....no harm there.

But how do you know that it will open it in notepad? Do you examine the registry?

How do you know that an app you tried a year ago and quickly uninstalled didn't change the extension association for .txt to run a small wrapper that examines the file, and if it's an executable, executes it, and otherwise opens it with Notepad?
It doesn't have to be a trojan you ran either - it could have been done through an IE/Flash exploit a long time ago too.

Comment: Re:Missing the problem by a mile (Score 1) 499

by arth1 (#49173977) Attached to: Why We Should Stop Hiding File-Name Extensions

You cannot tryst the extension to be what the file actually is. But you CAN trust the extension to determine what Windows will do with it. That .jpg might not actually be an image, but Windows will try to load it like one.

No, this is what I have tried to tell here, and keep getting modded down for. You cannot trust that. Really. You can trust that Windows will treat it as a .jpg file, but you cannot trust that Windows will treat .jpg files as images .
What Windows treats .jpg files as depends on registry values that are changeable by the user (and apps). An app can change .jpg files to be treated as executables, without you knowing it.

All that's needed is to modify HKEY_CURRENT_USER\Software\Classes\.jpg and it will override the system defaults. It's in the user hive, and does not even require admin privileges.
Apps do this all the time, benignly to associate file types with themselves. That your .mp3 files suddenly open with WinAmp after installing WinAmp is because of this. But that's not all they can do - they can associate ANY file types with ANY programs, not just themselves. That includes making Windows execute the file as a binary, if they so choose.
So you cannot trust that Windows treats a .jpg file as an image. That is only the case if you (or an app) hasn't changed that.

Few people will check the registry before "running" a file. They trust that Windows will open the .jpg file with an image viewer (or editor), but they have no way of knowing if a boring game they installed and uninstalled a year ago changed that, and that .jpg files now get executed if containing executable content and otherwise shown in an image viewer.

Comment: Re:Good luck with that. (Score 1) 499

by arth1 (#49172777) Attached to: Why We Should Stop Hiding File-Name Extensions

And you want to try to get the average end user to understand the difference between ".XLS", ".XLSX", and ".XLSX.EXE"?

Or to trust that no one is ever clever and malicious enough to use one trojan to modifiy the default action for .XLSX to run the files, and then a few months later send people .XLSX files that contains executable content?

Seeing that it's named .XLSX does not tell you anything about what (a) the file contains, or (b) what the OS will do with it. You trust that no-one would ever be mean enough to put non-spreadsheet info in a file named .XLSX, and trust that nothing has changed the actions taken for that file extension.
That's too much trust.

Comment: Re:Missing the problem by a mile (Score 1) 499

by arth1 (#49172495) Attached to: Why We Should Stop Hiding File-Name Extensions

OK, and how is opening the jpg in notepad going to harm your computer?

It could just as easily be opening the .jpeg file containing executable content with with run.dll. The problem is that this mapping from file extension to action taken is not static, but can (and does) change on the fly. Which is why you may get irritated when you have two mp3 playing programs installed and your mp3 files open with the "wrong one". That means that one of the apps have taken over the file extensions. And it's not limited to taking over - it can point away too. Or it can open with a wrapper that runs malicious content and then passes the remainder to the viewer you expect, so you don't notice anything amiss.
You just don't know unless you go into the registry and check for yourself. Trusting the file extension is misplaced trust.

Comment: Re:Missing the point (Score 1) 499

by arth1 (#49172099) Attached to: Why We Should Stop Hiding File-Name Extensions

This is not about how your own application react to a file. this is how the operating system *does*. There is a convention in the operating system, particularly windows, that a .gif will be tried to be displayed as a picture and a .html as a web page. Your application may *chose* to interpret it as music for all we care, but the operating system will react by default as described.

But the defaults are mutable, and not to be trusted to stay consistent.
There is nothing that prevents an application from changing the default for .gif from opening in [gif viewer of choice] to executing them. If someone then sends you an executable with a .gif extension, and you double-click it, it will execute the executable.
Trusting that a .gif file is always a GIF picture is folly. It's the default, but it is very changeable, and a couple of trojans do indeed change the file name extension associations.

Comment: Re:Missing the problem by a mile (Score 4, Informative) 499

by arth1 (#49171787) Attached to: Why We Should Stop Hiding File-Name Extensions

On Windows, extensions are meaningful to the operating system. It doesn't identify all files by magic numbers. Files are typed by their extensions. If the file is "fishhead.jpeg" then it is not a Win32 executable binary (barring flaws in the JPEG rendering system that lead to arbitrary execution).

You miss that it isn't like that in Windows either. A file named fishhead.jpeg can indeed be a a Win32 executable binary that gets executed by the OS as a binary if called without a named program to open it. That depends on what the end user and the programs he (spit) trusts have set the .jpeg extension to signify. It is only a recommendation. Windows provides defaults, but it is silly to presume that no program would ever be mean enough to change any of that on you.
You cannot trust the extensions any more than you can trust the "From:" address in an e-mail. Not in Windows either.

Comment: Re:Missing the problem by a mile (Score 0) 499

by arth1 (#49171643) Attached to: Why We Should Stop Hiding File-Name Extensions

You must have missed my "except on very immature operating systems".
And it's not even the case in Windows. Windows is user configurable to let any extension map to any "action". There is nothing that says it cannot open files with a .txt file name extension in, say, Paint. It may default to Wordpad, but that's just a convention, not set in stone. As you install other programs, they may change that, so one day it opens in Slick|Edit, and there's nothing that prevents your music player from saying "hey, now, I want the default action for .txt files to be opened by me".

Again, the file name extensions are only advisory, not prescriptive, and that's why they should never be trusted.

Comment: Missing the problem by a mile (Score 1, Interesting) 499

by arth1 (#49171533) Attached to: Why We Should Stop Hiding File-Name Extensions

The problem isn't not looking at file name extension. It's trusting them.
File name extensions are just a convention, and are not prescriptive except on very immature operating systems. There is nothing that prevents a JPEG file from being saved with a .txt name extension. Looking at the name extension will tell you absolutely nothing.

I have a web server set up at home that serves html files with a .gif extension, and expects images to have a .html name extension. It works great, because the file name extensions are only advisory.

And then there's the Amiga, where you have prefixes, like mod.filename to signify a music score file with embedded samples. Again, it's just a convenience, and should never be trusted.

Comment: Re:Are we looking through the center... (Score 1) 140

by arth1 (#49171449) Attached to: Astronomers Find an Old-Looking Galaxy In the Early Universe

Doubtful, or we would have seen large effects.
But what's possible is that this galaxy is moving towards us as far as movement goes, which counteracts some of the effects of the universe expanding. It is still "receding" because the expansion of the universe is much bigger than any movement can be, but slower than other objects at the same distance. Which allows for it to be older than average.
If so, of even more interest would be those galaxies that are moving the fastest from us (in physical movement), and approaching the horizon of of the visible universe. Those would be the absolutely youngest we could observe, and would give us the best picture of the early universe.

Comment: Re:Are we looking through the center... (Score 1) 140

by arth1 (#49171401) Attached to: Astronomers Find an Old-Looking Galaxy In the Early Universe

And that last bit is what is causing the paradox with this new galaxy: although it is far away and should therefore appear younger (it is the same age today, but we see it as it was in the past), it looks much older than it ought to look.

"Today" makes no sense at intergalactic scales. There is no one clock that ticks for the entire universe that isn't bound to the cone of causality; time is only a local phenomenon.
If you could travel to that galaxy[*], it would be old when you reached it, but saying anything about its age now except that it is young from our point of view is wrong. There is no common frame of reference.

[*]: You can't, even at the speed of light. Due to the increasing rate of expansion of the universe, the galaxies near the end of what we can observe will appear to recede at a speed faster than c, into what cannot be observed and thus cannot be reached either.

Comment: Re:Are we looking through the center... (Score 2) 140

by arth1 (#49171351) Attached to: Astronomers Find an Old-Looking Galaxy In the Early Universe

Big Bang did not happen in one spot. It happened everywhere. Including where we are. Space itself expanded.

The universe continues to expand, and the distance to the parts the farthest away from us is growing faster than the speed of light, meaning that they disappear from our view, and we can never observe them again, except for the influence they have had on areas of space closer to us.
But both those parts and where we are were where big bang happened.

"An organization dries up if you don't challenge it with growth." -- Mark Shepherd, former President and CEO of Texas Instruments

Working...