|
New security warning for IE users
|
| starsearcher |
Affects users who are using IE with Windows XP SP2...users of other browsers are not affected
read on
:) |
|
|
| loca |
Yup saw this on slashdot 2 days ago.
Dunno if you read the solution on Secunia:
| quote: | Solution:
Use another product.
|
Buahahahaha
Moreover, the vulnerability can be used to delete files from the user's system :nervous:
| quote: |
Extremely High-Level IE6 Vulnerability Found.
I've posted about IE6 vulnerabilities before. They mostly involved spoofing the address bar, which was in itself dangerous as it allowed scam artists to make their websites be at the address "www.visa.com" or other such honeypot locations. This vulnerability is far worse however: it makes command lines run on the user's machine. Why is that bad? Because someone can make that command be "del C:\Windows\System32\*.dll" or something equally sensitive, causing Windows to crash... permanently. The solution? Switch browsers; stop using Internet Explorer.
Vulnerability Test
Test Now [IE users only]
If the test was successful, you will now have a folder on your C:\ drive called "ie6vulnerability.jmcardle". This is by far the worst security hole I've ever seen. If you wish to run the test multiple times, then please refresh this page before each test. The test requires that you have WindowsXP SP2 & Internet Explorer 6. Disclaimer: You do not have to click any links on this site, including the link to the vulnerability test above. I am not responsible for any consequences to you or your system(s) should you choose to click the aforementioned links. Note: Since I've been Slashdotted, I should hand out proper credits. The code I used to base this example was posted on New Order on Jan 5th, as well as on Secunia a few days later. Further Note: It should be stated that Secunia took their code primarily from ShredderSub7. |
Taken from here
And before RJ jumps in here saying this exploit was found 2 months ago, yes it was. And it never got fixed. Whatever happened to patching things up MS? |
|
|
| loca |
Oh also... another beauty:
| quote: |
Hackers Tune In to Windows Media Player
By Ryan Naraine
January 10, 2005
Hackers are using the newest DRM technology in Microsoft's Windows Media Player to install spyware, adware, dialers and computer viruses on unsuspecting PC users.
Security researchers have detected the appearance of two new Trojans, Trj/WmvDownloader.A and Trj/WmvDownloader.B, in video files circulating on P2P (peer-to-peer) networks.
According to Panda Software, both Trojans take advantage of the new Windows anti-piracy technology to trick users into downloading spyware and adware applications.
"When a user tries to play a protected Windows media file, this technology demands a valid license. If the license is not stored on the computer, the application will look for it on the Internet, so that the user can acquire it directly or buy it," Panda Software explained.
An unsuspecting user attempting to download the DRM (digital rights management) license will instead be redirected to a Web site that loads a large quantity of adware, spyware, modem dialers and other viruses, the company said in an advisory.
"It's pretty ingenious," said Patrick Hinojasa, chief technical officer at Panda Software. "To take an anti-piracy feature and use it to feed spyware is extremely ironic."
Hinojasa told eWEEK.com that the use of Windows Media files as a spyware vehicle is another sign that virus writers and companies supporting spyware are looking for new entry points to infect computers.
"In this case, they're using technology meant to secure content. It just shows that the more bells and whistles you add to the technology, the more you open doors for the bad guys," he said.
Even though these Trojans have been detected in video files on P2P networks such as Kazaa or eMule, Hinojasa warned that these files can be distributed via e-mail, FTP or other Internet download avenues.
Ben Edelman, a Harvard University student who tracks and comments on the spyware scourge, also spotted the spyware-laden media files. In a research note, Edelman posted a demonstration of the exploits and warned that users with older versions of Windows will receive "confusing and misleading messages" regarding the DRM licenses.
After attempting to download the DRM, Edelman said: "On a fresh test computer, I pressed Yes once to allow the installation. My computer quickly became contaminated with the most spyware programs I have ever received in a single sitting."
"All told, the infection added 58 folders, 786 files and an incredible 11,915 registry entries to my test computer. Not one of these programs had showed me any license agreement, nor had I consented to their installation on my computer," he added. |
Source |
|
|
| VERTiG0 |
| <3 <3 <3 Firefox <3 <3 <3 |
|
|
| Tully |
| so do i just sign up for firefox to dload it? |
|
|
| VERTiG0 |
| quote: | Originally posted by Tully
so do i just sign up for firefox to dload it? |
Don't have to sign up for anything.
http://www.mozilla.org/products/firefox/
Click the FREE DOWNLOAD link in the top right :) |
|
|
| Funkyfun |
| Another better solution is to throw Windows XP CD out the window and upgrade to a better & more reliable OS like Win2k Pro....I remember installing XP just once in the beginning, and didn't like it cause of the excess baggage that it carried with the OS core.....:whip: |
|
|
| malek |
| quote: | Originally posted by Funkyfun
Another better solution is to throw Windows XP CD out the window and upgrade to a better & more reliable OS like Win2k Pro....I remember installing XP just once in the beginning, and didn't like it cause of the excess baggage that it carried with the OS core.....:whip: |
hahaha you must be kidding:stongue: :haha: :stongue: |
|
|
| VERTiG0 |
| quote: | Originally posted by malek
hahaha you must be kidding:stongue: :haha: :stongue: |
Hehe, no kidding. WinXP is basically Win2k with a fancy interface. |
|
|
| starsearcher |
| I just started using Win2k at my new job again and it's annoying as hell :p |
|
|
| disko-kandi |
yup. i'm infected AGAIN!!!!!! :whip: :whip: :whip: second time in less than 2 months but this time on my baby laptop! AARRGHHHH!!!
i did the automatic windows update and ever since the service pack 2 installation on my laptop i'm fuked up again! i can't believe this!!! maybe it's better to just stay away from the internet all together. back to smoke signals and blowing mountain horns!
this is BS! grrrr! :wtf: |
|
|