Dangers of copy&paste
One of our readers, Bill, wrote in to let us know about a pretty dangerous batch script that was posted on a web site that he visited. The script is supposed to help users get rid of print jobs which are still in the spooler, but a couple of obvious errors were done. I am pasting the original, as it was on the web site below (of course, do not run this):
@echo off
echo Stopping print spooler.
echo.
net stop spooler
echo deleting stuff... where? I'm not sure. Just deleting stuff.
echo.
FOR %%A IN (%systemroot% system32 spool printers *.*) DO DEL %%A
echo Starting print spooler.
echo.
net start spooler
The script is, as you can see, very simple – all it does is stop the printer spooler (the spooler service) and then it is supposed to delete all files in the %systemroot%system32spoolprinters directory. Unfortunately, the author (accidentally?) added couple of white spaces so this script became extremely dangerous: it will try to delete all files in the %systemroot% directory, in C: and in the current directory.
This simple error shows how dangerous it can be to just blindly copy&paste stuff off the Internet and run it in your environment. While in this case it was easy to spot the error since the whole script is only 10 lines long, in other cases we should be very careful.
I also noticed another thing very popular today – in order to faster download stuff off the Internet (legal stuff, such as Linux distributions), people tend to use a lot of different utilities that are supposed to provide faster download speeds. Such utilities can be simple Bittorrent clients or dubious utilities that will download unverified things from even more dubious web sites. And this leads me to a question: how many of you verify integrity of files you download? It would be interesting to compare the number of downloaded ISO images of popular Linux distributions with the number of downloaded checksum files – I fear that less than 1% people verify what they download. I hope in time this number will increase!
--
Bojan
Web App Penetration Testing and Ethical Hacking | Munich | Oct 14th - Oct 19th 2024 |
Comments
richardpitt
Mar 18th 2010
1 decade ago
Dave English
Mar 18th 2010
1 decade ago
Dave English
Mar 18th 2010
1 decade ago
Bojan
Mar 18th 2010
1 decade ago
Saafan
Mar 22nd 2010
1 decade ago