Win XP bugs--beware
01-28-2004, 08:29 PM
#1
Registered
Thread Starter
Win XP bugs--beware
No, this isn't an "ANTI-MS" rant, there are a couple of exisiting holes (vulnerabilities) in current, uptodate MS proudcts that can ruin your whole day.
In short BE *extra* CAREFUL until you know your system is patched!
First: this vuln discovered 13Jan - that hasen't been fixed by MS yet (hopefully soon) - has been used to phish ID info, credit card info, etc.
http://www.securityfocus.com/news/7807
"... easily exploited flaw in the way Internet Explorer displays URLs in the address bar..."
Basicly it allows someone to setup a 'malicious' web site that 'looks' legitimate (in the address bar) but actually is someplace else. If they ask you for any info - the ones who get it aren't who you think they are.
Next:
http://www.infoworld.com/article/04/...Niehole_1.html
"A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables."
Note that neither of these are 'viruses', 'trojans' or 'worms' - so your Norton (or other) anti-virus isn't going to protect you from these vulns. Some AV softwares may protect you from what you inadvertantly download - but that's by no means a sure thing. Also, for both of these, since you're the one initiating the connection to the remote server, your firewall will pass it with out hinderance. No protection there either.
If you *must* give info via a web browser - ENSURE you're using a secure connection. Check for the 'closed lock' in the status bar of most browsers. Even then - don't forget to CHECK the site's certificate. It's trivial to setup a server with an SSL connection that'll show the lock - but you've got to KNOW who it is you're connected to. Verifying the certificate is the only way to do that.
Be Careful out there, there're folks that'll hurt you if you give 'em a chance.
In short BE *extra* CAREFUL until you know your system is patched!
First: this vuln discovered 13Jan - that hasen't been fixed by MS yet (hopefully soon) - has been used to phish ID info, credit card info, etc.
http://www.securityfocus.com/news/7807
"... easily exploited flaw in the way Internet Explorer displays URLs in the address bar..."
Basicly it allows someone to setup a 'malicious' web site that 'looks' legitimate (in the address bar) but actually is someplace else. If they ask you for any info - the ones who get it aren't who you think they are.
Next:
http://www.infoworld.com/article/04/...Niehole_1.html
"A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables."
Note that neither of these are 'viruses', 'trojans' or 'worms' - so your Norton (or other) anti-virus isn't going to protect you from these vulns. Some AV softwares may protect you from what you inadvertantly download - but that's by no means a sure thing. Also, for both of these, since you're the one initiating the connection to the remote server, your firewall will pass it with out hinderance. No protection there either.
If you *must* give info via a web browser - ENSURE you're using a secure connection. Check for the 'closed lock' in the status bar of most browsers. Even then - don't forget to CHECK the site's certificate. It's trivial to setup a server with an SSL connection that'll show the lock - but you've got to KNOW who it is you're connected to. Verifying the certificate is the only way to do that.
Be Careful out there, there're folks that'll hurt you if you give 'em a chance.
Thread
Thread Starter
Forum
Replies
Last Post
2 Trick Rick
OPA/The Jersey Boyz
1
08-22-2007 04:06 PM
Audiofn
General Boating Discussion
0
11-17-2002 02:20 PM
