Microsoft warns users of hacker attacks

Started by DigitalBuddha, November 05, 2013, 09:45:37 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

DigitalBuddha

November 05, 2013, 09:45:37 PM
Microsoft warns users of hacker attacks

Microsoft has warned that hackers could exploit a "vulnerability" in its operating system to gain user rights to the affected computers.

It said attackers could exploit this by requesting users to preview or open a specially crafted email or web content.

Over the line! - http://www.bbc.co.uk/news/technology-24814999

jdurand

#1
November 18, 2013, 02:16:54 PM
We were just discussing on another forum how it's amazing the number of people who still think they've won a $42,000,000 lottery gift and yet the lottery has no idea who they are so please provide all your security info.

Here's a Dude version:

From:  You're Locle Police Depapment
RE:  Yoour being arrested
Replay To: DudeScam AT mailinator.com

In order to arrest you right and give you less time in prison you must give us the following information...

NAME:
ADDRESS:
LOCATION OF STASH:
ANY SECURITY:
WHO DO YOU BUY FROM:
IS IT REALLY GOOD:

BikerDude

#2
November 18, 2013, 03:20:14 PM Last Edit: November 18, 2013, 03:23:59 PM by BikerDude
It amazes me that MS still has this vulnerability.
Typically it is Active X (or whatever the new name is) that allows complete access.
It's been going on through how many versions now?
A lot.

Oh wow! It's in the way tiff images are handled.
Very crafty.
That is up there with the exploit where you string together a bunch of files with names that are the commands in a perl script. When explorer listed the files it executed the script. That was one of the oddest sploits I've seen.


Out here we are all his children

jdurand

#3
November 18, 2013, 06:13:09 PM
The oldest I'd seen was with ANSI terminals on time sharing machines.  You would send a command to the terminal to change its ID String (just a text string).  You would then send WhoAreYou  and it would reply with that text string which, of course, you just set to be some command that was now executed with that user's rights.  Often the first command was a LOCK_KEYBOARD so if the user was sitting there, they couldn't do anything but watch.

jdurand

#4
November 19, 2013, 01:00:09 PM
I just received what could have been a very Dude spam

"Urgent Massage From Barrister M.Collins"

Unfortunately, it was just telling me I won $29.5 million.  Drat, I could have used a massage.

DigitalBuddha

#5
November 19, 2013, 09:47:46 PM
Quote from: jdurand on November 19, 2013, 01:00:09 PM
I just received what could have been a very Dude spam

"Urgent Massage From Barrister M.Collins"

Unfortunately, it was just telling me I won $29.5 million.  Drat, I could have used a massage.

;D I always tell them to go ahead and send the cash to my Paypal account.
Print
Go Up Pages1
User actions