Like Tree0Likes

Win XP bugs--beware

Reply
Old 01-28-2004, 09:29 PM
  #1
Registered
Thread Starter
 
KH0302's Avatar
 
Join Date: Dec 2003
Location: Lake Lanier
My Boats: 87 22 Pachanga
Posts: 648
Default Win XP bugs--beware

No, this isn't an "ANTI-MS" rant, there are a couple of exisiting holes (vulnerabilities) in current, uptodate MS proudcts that can ruin your whole day.

In short BE *extra* CAREFUL until you know your system is patched!

First: this vuln discovered 13Jan - that hasen't been fixed by MS yet (hopefully soon) - has been used to phish ID info, credit card info, etc.

http://www.securityfocus.com/news/7807

"... easily exploited flaw in the way Internet Explorer displays URLs in the address bar..."

Basicly it allows someone to setup a 'malicious' web site that 'looks' legitimate (in the address bar) but actually is someplace else. If they ask you for any info - the ones who get it aren't who you think they are.

Next:

http://www.infoworld.com/article/04/...Niehole_1.html

"A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables."

Note that neither of these are 'viruses', 'trojans' or 'worms' - so your Norton (or other) anti-virus isn't going to protect you from these vulns. Some AV softwares may protect you from what you inadvertantly download - but that's by no means a sure thing. Also, for both of these, since you're the one initiating the connection to the remote server, your firewall will pass it with out hinderance. No protection there either.

If you *must* give info via a web browser - ENSURE you're using a secure connection. Check for the 'closed lock' in the status bar of most browsers. Even then - don't forget to CHECK the site's certificate. It's trivial to setup a server with an SSL connection that'll show the lock - but you've got to KNOW who it is you're connected to. Verifying the certificate is the only way to do that.

Be Careful out there, there're folks that'll hurt you if you give 'em a chance.
KH0302 is offline  
Reply With Quote
Reply

Related Topics
Thread
Thread Starter
Forum
Replies
Last Post
2 Trick Rick
OPA/The Jersey Boyz
1
08-22-2007 05:06 PM
cjsdad62
General Boating Discussion
4
10-14-2005 10:10 PM
Audiofn
General Boating Discussion
0
11-17-2002 03:20 PM
Jayl13
General Q & A
120
08-18-2002 09:01 PM



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 05:45 PM.


Copyright 2011 OffShoreOnly. All rights reserved.