[ale] palm41.dll weirdness

Robert Reese ale at sixit.com
Sat Sep 25 21:12:16 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*********** REPLY SEPARATOR  ***********
On 9/24/2004 at 4:17 AM Geoffrey wrote:

>Robert Reese wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> *********** REPLY SEPARATOR  ***********
>> On 9/22/2004 at 6:08 AM Geoffrey wrote:
>> 
>> 
>>>>Simple, really.  I run Windows and own(ed) a Palm Pilot.  This
>>>>isn't the first time I've encountered this DLL (Dynamic Link
>>>>Library).  ;c) 
>>>
>>>But you're making the assumption that this file is the real thing.
>>> Not  a good thing to do.
>> 
>> 
>> It wasn't an assumption.
>
>Then what basis?  Did he send you the file?  Unless you physically
>inspected this file yourself, you can not say anything about its
>true contents.  You can not and should not assume that a file
>called palm41.dll on his box is the same file as one named
>palm41.dll on yours.

I don't recall asking him to send you the file before offering your
advice.  It seems to me that the strings output was sufficient for
you.  It was enough for me to make a positive identification.


>> Good to know.  Perhaps, then, the first question that should have
>> been asked was if the executable bit was set.  If not, what good
>> would it do if it were a virus or a worm?
>
>sh palm41.dll ???

SH: Runs or processes jobs through the Bourne shell

Hmm... You need an EXTERNAL command to run the file?  Not very
virus-like is it.  Further,  in this case a text document could be
executed.


>>> It does not matter what the file name is.  You're assuming 
>>>it's a dll by way of the name.
>> 
>> 
>> It wasn't an assumption.
>
>You've provided no other evidence to the contrary.  Without
>physically  having the file, it is an assumption.

Incorrect, and I need not provide any 'evidence'.


>> It wasn't an assumption.  It was, and is, a file I've had
>> experience with previously.
>
>Okay, I'm going to send you a file called bash, will you please
>execute  it on your computer.  After all, I'm sure you've had
>experience with  this file as well.

Nope.


>According to the archives, your response was to my recommendation to
>run strings, although the date on your machine appears to be off by
>a couple of days???  Therefore the threading could well be screwed
>up.  Jim's response to my suggestion to run strings is found 5 or
>six threads later, although it too is in response to my strings
>suggestion.  According to the archives, both threads and dates, you
>responded to my posting before Jim posted his strings output.

It mightn't have occurred to you but my email client sets the time
and date displayed by your email client at the moment I click
reply.  So I clicked Reply so I could come back to the email.  During
the interim Jim's strings results came back.  Take a look at the
headers and see if you don't see the actual time and date sent.  ;c)

Oh, does it seem a little odd that I would have responded to Jim's
email two days prior to him sending the first message?


>The bottom line is, it's quite foolish to assume the contents of a
>file based on its name.

Like I said, *not* an assumption.  :)

Cheers,
Robert Reese~

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: No one has the right to not be offended.

iQA/AwUBQVYV+Lw8BOWncaQMEQI6yQCg/eMSSUOWLmPLA8n1Swhzqj/sQSsAoJrI
kgQI38f9mk77cLqkEEHXqJ+F
=pRM4
-----END PGP SIGNATURE-----


Type: DH/DSS 4096/1024 AES-256
Key ID: 0xA771A40C
Fingerprint: CAE2 81CA A7CD 6681 341C  E3A9 BC3C 04E5 A771 A40C


