uuencoding

[Tedob1]

i uuencoded an exe and put the ascii code in a web page then logged on to a computer that cannot download exes. got the web page fine. copied the code and was able to convert it.

how can i prevent this from happening

[mohaughn]

Two ways.

1) Prevent access to IE. Although this is probably more extreme than you are looking for. However, as the uuencoded text, it that, just text. There is no way to tell IE not to look at uuencoded material. Mainly because IE doesn't know what the text is.

2) Prevent the user from running any kind of program that would convert the UUencoded content back to an EXE. Unfortunately right now, there is no 100% method to do this. There is talk that in the next version of windows you will be able to create a signature of an Exe, and then block that signature from running. This gets around just renaming blocked files. However, you could go through the OS and setup the directory structures and file permissions so that there is no way the user can get the uuencode program onto the system. This would however, prevent the user from running anything that you did not specifically allow them to run, and would take a lot of work to setup.

[Tedob1]

im sorry ! im behind a watchguard fire wall. i was hoping there was a setting to prevent this. It hasn't been a problem and probably wont be. but on the off chance that it might...

we have a pretty open policy. i'd like to keep it that way and winzip is essential for daily biz.

[PuReExcTacy]

If it's a company computer you are trying to protect, you can lock the machine down to the point where no one can install any programs to decode the text, such as disabling base64 or uudecode. Another thing you might want to do, is disable access to binary files that you haven't approved, and especially the command prompt, that's a killer right there.

There's really no way to disable text on a webpage, other than to filter the pages that are allowed to be surfed. If you have a proxy setup at work, then limit access to only autorized websites. Remember the first rule of security would be to deny all access to everything and allow access to only what you specifically grant permission to do. So, your employees should not be surfing any webpages that you haven't specifically given access to.


--PuRe

[slarty]

How about:

Run a trusted computing system whereby all exe files need to be authorised before being allowed to run. So the user may be able to be decode the exe file, just can't run it.

True, this does break down when you realise that every Excel or Word doc is technically an exe file...

Slarty

[Tedob1]

unfortunatly winzip has the capacity to decode it. All machines have winzip. locking computers down is out of the question so i guess ill just have to watch closely.

[Tiger Shark]

Tedob: I don't know your environment but the first question I would ask myself is:-

Do my users have the imagination, technical know-how and do I have anything here that would make them need to do this risking what should be dismissal for a policy breach, (Thou shalt not install any software without the prior permission of you MIS), to make them want to go through this?

If you can answer positively to any one of the three then you have a problem because I don't know of any way to block uuencoding on Watchguard Firebox or Firebox II - Mime types yeah - not uuencode.

I have found that there are cases where there simply isn't a technical solution for what is, after all, an administrative problem without the benefit being outweighed by the cost.