Monday, November 7, 2011

chrome decode file names

If you browse with chrome be aware that it might decode the file name and save it as something different, for example, if you see a file named :
it will be saved as
on your hard drive.

will not be fixed.

response from the server when downloading a file:

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Cache-Control: private, max-age=86400
Expires: Mon, 07 Nov 2011 20:07:17 GMT
Date: Mon, 07 Nov 2011 20:07:17 GMT
X-XSS-Protection: 0
Content-Disposition: attachment; filename="calc.ex%65"
Content-Length: 776192
X-Content-Type-Options: nosniff
Server: GSE

The file will be saved as "calc.exe". Maybe just a content-disposition header issue, but hey, that header is optional! (cynicism intended) 

beware of malicous google calendar invites - food for thought

It would appear that it is completly possible and with ease to send meeting invites which contain executables using gmail and google calendar.

This is how it will appear in the inbox of an unsuspecting human:
Now the attachment is hosted on Google docs, from which you would need to download and run it.

I know, I know, It isn't really an "evil attachment" it is just a link to an executable...
but, it is a google calendar invite hosting a link to an executable file on google docs.

now I know a few people who aren't as paranoid as me and would trust google hosted files more then just a random hosted file on some unknown server, but then again, that is just me :)

Food for thought.