vulnerabilities in libbfd (CVE-2014-beats-me)

Posted by Michal Zalewski on Oct 26

Yo,

Many shell users, and certainly a lot of the people working in
computer forensics or other fields of information security, have a
habit of running /usr/bin/strings on binary files originating from the
Internet. Their understanding is that the tool simply scans the file
for runs of printable characters and dumps them to stdout – something
that is very unlikely to put you at any risk.

It is much less known that the Linux version of strings is…
