Windows of this era provide a feature that by default hides extensions of files. They choose to display the filename alone – minus the extension.
This “feature”, as per Microsoft, is supposed to “reduce clutter in folder windows”.
It cropped up first in XP and was added in all subsequent versions including Vista as well as the upcoming Windows 7.
Many of you who store a ton of files in a certain folder (especially on the Desktop) may even agree with the reason of “reduced clutter”.
See for yourself.
But wait. This “feature” that is meant to be “user-friendly”, opens a vast opportunity to those who are nefariously-inclined.
Since the extension is hidden, the true type of a file is no longer visible. This can be exploited very easily.
Here is a simple batch file I create.
Notice how I named the file? While windows will have you believe that it’s an innocuous text file about delicious and yummy recipes. The truth remains that it’s a batch file which can freely execute kernel level commands.
You would almost certainly want to know what delicious recipe the file contains, especially if it’s a forward from a friend.
You double-click the file to open it and before you know it, the file has done its job.
In this case, the file above simply shows you a listing of directories in your “program files” folder on execution.
The more malicious ones could relay your info over the network to some server waiting for such files to be executed.
To be honest, you could redeem yourself with an amount of restraint and a bit more observation.
If you haven’t noticed yet, windows did give you a fair warning with the file’s icon.
Look at it again if you haven’t already.
And honestly, how many of you (who agreed with Microsoft’s “reduces the clutter” reasoning) checked the icon before opening a file?
Hope you’ve realized the impact of that one small check box on the security of your data.
Would not you rather have the file extensions displayed (and make do with all the “clutter” it creates)?
Java URL Encoder/Decoder Example - In this tutorial we will see how to URL encode/decode…
Show Multiple Examples in OpenAPI - OpenAPI (aka Swagger) Specifications has become a defecto standard…
Local WordPress using Docker - Running a local WordPress development environment is crucial for testing…
1. JWT Token Overview JSON Web Token (JWT) is an open standard defines a compact…
GraphQL Subscription provides a great way of building real-time API. In this tutorial we will…
1. Overview Spring Boot Webflux DynamoDB Integration tests - In this tutorial we will see…
View Comments
its usefull.. :)
i want run cmd command trow java frames how to do.
email me code for that