If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Is this true?
nospam wrote:
In article , Paul wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear (after an icon would appear on the desktop indicating the .dmg was opened). Paul |
Ads |
#17
|
|||
|
|||
Is this true?
In article , Paul
wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear not by opening the dmg file, it didn't. you would need to have manually launched firefox, which as i recall, will complain when it's run from a dmg (most apps don't care). (after an icon would appear on the desktop indicating the .dmg was opened). that's normal and expected. |
#18
|
|||
|
|||
[OT]Is this true?
On Sat, 09 Nov 2019 19:42:37 -0300, Shadow wrote:
On Sat, 9 Nov 2019 22:11:19 +0000, ~BD~ wrote: When I try to open a DMG file I get this:- Look at the follow-up groups you cross- posted to. Do any of them even remotely resemble Apple groups? Are you drunk AGAIN? OT up. He's trollering you Bottoms style. Just playing stupid enough to get replies and make the respondents feel superior. I have sooo tried to teach you about these tactics. You know this but you just can't say no. Rehab. Ask **** the cat for details of his very reasonably priced retreats. You will have to go cold turkey for as long as we can squeeze another shekel out of you but results are guaranteed or we'll give you another 3 months in solitary with little food and water for FREE. Those magic words. Definitely no FREE beer. Say hi to all his other victims in cross posted groups. Hi everyone! --------------- BD: I want people to "get to know me better. I have nothing to hide". I'm always here to help, this page was put up at BD's request, rather, he said "Do it *NOW*!": http://tekrider.net/pages/david-brooks-stalker.php 59 confirmed #FAKE_NYMS, most used in cybercrimes! Google "David Brooks Devon" []'s Sent from my iFurryUnderbelly. -- p-0.0-h the cat Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat, Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy, Certifiable criminal, Spineless cowardly scum, textbook Psychopath, the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infâme, the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll, shyster [pending approval by STATE_TERROR], cripple, sociopath, kook, smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag, liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav, punk ass dole whore troll, no nothing innumerate religious maniac, lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball. NewsGroups Numbrer One Terrorist Honorary SHYSTER and FRAUD awarded for services to Haberdashery. By Appointment to God Frank-Lin. Signature integrity check md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896 I mark any message from »Q« the troll as stinky |
#19
|
|||
|
|||
Is this true?
On Sat, 09 Nov 2019 20:41:02 -0500, Paul
wrote: nospam wrote: In article , Paul wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear (after an icon would appear on the desktop indicating the .dmg was opened). The same way a zip self extractable will run if you double click on it. OTOH, open it with 7-Zip (or whatever) and it won't. That's because of the OS associations, not "autorun". I suppose a fool could set his browser to run executables as soon as they are downloaded, but they are probably as rare as unicorns. Malware has wiped them out. If the phisher wanted to see what was inside of that "dmg file" (we were discussing the Kaspersky Rescue Disk ISO, I have no idea why the thread was diverted to a non Win 10 topic) he could have simply extracted it. He's been told how to multiple times. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#20
|
|||
|
|||
Is this true?
In article , Shadow
wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear (after an icon would appear on the desktop indicating the .dmg was opened). The same way a zip self extractable will run if you double click on it. OTOH, open it with 7-Zip (or whatever) and it won't. That's because of the OS associations, not "autorun". nope. a dmg is a disk image, and at most, it will auto-mount, the same as if someone connected an external drive. I suppose a fool could set his browser to run executables as soon as they are downloaded, but they are probably as rare as unicorns. Malware has wiped them out. a dmg is not an executable. |
#21
|
|||
|
|||
Is this true?
On 10/11/2019 08:38, p-0''0-h the cat (coder) wrote:
On Sat, 09 Nov 2019 19:42:37 -0300, Shadow wrote: On Sat, 9 Nov 2019 22:11:19 +0000, ~BD~ wrote: When I try to open a DMG file I get this:- Look at the follow-up groups you cross- posted to. Do any of them even remotely resemble Apple groups? Are you drunk AGAIN? OT up. He's trollering you Bottoms style. Just playing stupid enough to get replies and make the respondents feel superior. I have sooo tried to teach you about these tactics. You know this but you just can't say no. Rehab. Ask **** the cat for details of his very reasonably priced retreats. You will have to go cold turkey for as long as we can squeeze another shekel out of you but results are guaranteed or we'll give you another 3 months in solitary with little food and water for FREE. Those magic words. Definitely no FREE beer. You are a wise young cat! ;-) *Free beer tomorrow*! A sign in many canal-side pubs :-D He ought to learn that I tell the truth, too! I've had no alcohol, none whatsoever, since 21st March, 2018. -- David B. Devon |
#22
|
|||
|
|||
[OT]Is this true?
On Sun, 10 Nov 2019 06:44:13 -0500, nospam
wrote: In article , Shadow wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear (after an icon would appear on the desktop indicating the .dmg was opened). The same way a zip self extractable will run if you double click on it. OTOH, open it with 7-Zip (or whatever) and it won't. That's because of the OS associations, not "autorun". nope. a dmg is a disk image, and at most, it will auto-mount, the same as if someone connected an external drive. I suppose a fool could set his browser to run executables as soon as they are downloaded, but they are probably as rare as unicorns. Malware has wiped them out. a dmg is not an executable. No way it can auto-mount and execute like a M$ autorun? Even if the user fscks up all the "security" settings? I know nothing about Mac executables/DMG, except that you can open DMG files with 7-Zip and examine the contents. I've done that myself. I assumed that since the BS posted to a Windows group(and not an Apple Mac group), the behavior would be similar. Autorun is a common mode of infection on Windows machines. Even an ISO can "execute" if it's mounted as a virtual drive (not on any of my machines though - registry hack). So ... OT up. []'s -- Don't be evil - Google 2004 We have a new policy - Google 2012 |
#23
|
|||
|
|||
[OT]Is this true?
In article , Shadow
wrote: It's possible that .dmg has an autorun capability, it does not On the G4, when I double-clicked the .dmg, Firefox browser would run and the browser window would appear (after an icon would appear on the desktop indicating the .dmg was opened). The same way a zip self extractable will run if you double click on it. OTOH, open it with 7-Zip (or whatever) and it won't. That's because of the OS associations, not "autorun". nope. a dmg is a disk image, and at most, it will auto-mount, the same as if someone connected an external drive. I suppose a fool could set his browser to run executables as soon as they are downloaded, but they are probably as rare as unicorns. Malware has wiped them out. a dmg is not an executable. No way it can auto-mount and execute like a M$ autorun? Even if the user fscks up all the "security" settings? none whatsoever. at most, the disk image will auto-mount after downloading, otherwise, the user will need to double-click to mount it. either way, any executable file (app, script, etc.) in the disk image *must* be manually run by the user, and it might not work properly if run directly from a disk image, depending on the app and whether the author of said app wants it to be somewhere else. I know nothing about Mac executables/DMG, except that you can open DMG files with 7-Zip and examine the contents. I've done that myself. a dmg is a disk image and its contents can be listed without having to actually mount it. however, that won't work if the dmg is encrypted. I assumed that since the BS posted to a Windows group(and not an Apple Mac group), the behavior would be similar. he hijacks threads to troll. Autorun is a common mode of infection on Windows machines. Even an ISO can "execute" if it's mounted as a virtual drive (not on any of my machines though - registry hack). yep. |
#24
|
|||
|
|||
Is this true?
~BD~ wrote in : I've had no alcohol, none whatsoever, since 21st March, 2018. -- David B. Devon The alcohol, over the years, could have permanently affected your brain, Dave. Or perhaps indirectly by affecting your liver's ability to detoxify your blood before it flows into your brain cells? Either way, not good. Try being a bit nicer. Consider giving up your silly ways such as posting reams of inane links with what looks like unique IDs in them. |
#25
|
|||
|
|||
[OT]Is this true?
On 10/11/2019 12:36, nospam wrote:
he hijacks threads to troll. I STARTED this thread! :-P -- David B. Devon |
#26
|
|||
|
|||
Is this true?
On 10/11/2019 20:25, Spamblk wrote:
~BD~ wrote in : I've had no alcohol, none whatsoever, since 21st March, 2018. -- David B. Devon The alcohol, over the years, could have permanently affected your brain, Dave. I cannot argue with that, 'Spamblk'! Or perhaps indirectly by affecting your liver's ability to detoxify your blood before it flows into your brain cells? Maybe you are right. It's impossible for me to know. I did have an ultrasound scan of my liver about two years ago, shortly before I decided to 'bite the bullet' and stop drinking any alcohol at all. All was well back then, but things can and do change over time. Either way, not good. Try being a bit nicer. Consider giving up your silly ways such as posting reams of inane links with what looks like unique IDs in them. I really am trying to be nice to folk! Please give me some examples of what you consider to be "inane links". I'm really not sure to what you are referring. TIA |
#27
|
|||
|
|||
Is this true?
On 09/11/2019 23:26, Paul wrote:
~BD~ wrote: On 09/11/2019 19:07, ~BD~ wrote: On 08/11/2019 22:07, Paul wrote: ~BD~ wrote: On 08/11/2019 12:05, Wolffan wrote: On 08 Nov 2019, BD~ wrote (in article ): 'Shadow' claims .... That the Kaspersky *FREE* 'Rescue Disk' is a Linux Dist it is How do you know? How can you tell? Dude, less yapping, more researching. OK! :-) KRD.iso September 19, 2019, 11:25:30 PM 594,067,456 bytes) https://i.postimg.cc/LsWZpcpN/KRD-is-gentoo.gif I changed the filename of the ISO, to prevent a name collision with a previous one. Many of my other KAV files are dated. The KRD disc is noteworthy, in that it has a registry editor on board. There's an icon on the desktop. ******* Your next task, is find the scanning engine. My Apple iMac didn't like the ISO! https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0 When I try to open a DMG file I get this:- "There may be a problem with this disk image. Are you sure you want to open it? Opening this disk image may make your computer less secure or cause other problems." = What does that mean in fact? What's really wrong with it, and what kind of problem can it cause just by mounting? Are you doing this on Windows now, or on a Mac ? I can guess if you like. *Mostly on my iMac*. :-) A .dmg can be disassembled into parts. I used to do that at one time, on my Mac G4 in a bygone era. A part of getting something to run, relied on users being able to get inside and fix something. That's how I know the format isn't a barrier to entry, like an Installshield might be. It's possible that .dmg has an autorun capability, so that "things start to run for the user, without effort". And such a mechanism would be a good attack surface for malware. Like, if you downloaded a .dmg from an untrusted site and tried to open it. I can probably simulate this a little bit. I used to use Firefox on the G4 (PowerPC based) (because at the time, Safari didn't render all web pages well) and the file came as a .dmg. I can get one of these today for a look. http://releases.mozilla.org/pub/fire...x%2070.0.1.dmg And you can see that 7ZIP on Windows, has no problem inspecting what is inside a .dmg. Using your Mac specific knowledge, you can look at the specimen you have acquired, and see if there are any issues of note. I'm sure there's a TN (Apple Technical Note), or someone in a Mac group, who can help with attack vectors or autorun mechanisms with such things. https://i.postimg.cc/fb3hqwYT/7-ZIP-...mine-a-DMG.gif In that picture, you can see there is a code signing resource, so in principle, an executable can be checked for adulteration since it left the hands of the developer. But stuff like this, there's always someone out there who has figured out a way to fuzz such things and break them. So the warning is about "unknown attack vectors. based on the ability to autorun stuff from a .dmg". And that only applies if, somehow, the machine is deciding it *must* open that .dmg right away. That would take two levels of autorun to do that. On Windows, autorun has been partially shut off, to reduce the attack surface caused by it. But some people on the Internet, feel Microsoft didn't do enough, and at least one dude was showing how to use SRP to prevent any "autorun.inf" file from being executed on Windows. So that's a way to harden Windows (a tiny bit), from inserted media attacks. Â*Â* Paul I learn a great deal from you, Paul. I don't think I'll bother with a Kaspersky rescue disk now that I've got Knoppix 8.6. Have you any tips for using it? |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|