CCleaner Community Forums
Humpty

Flaw leaves Microsoft looking like a turkey


What I can't work out is why PCs in one country aren't affected yet in others they are? :unsure:

MICROSOFT engineers worked frantically over the US Thanksgiving holiday to fix a design flaw in Windows that has exposed millions of computers to hijacking by computer criminals.

 

By exploiting the design flaw a lone miscreant could take control of vast numbers of home or office PCs around the world in a single attack. They could read data, steal passwords and monitor internet use or use them to distribute spam or viruses.

 

The bug was demonstrated at the Kiwicon hacker conference in New Zealand last week by an ethical hacker, Beau Butler.

 

"This whole presentation came about from me telling a story to a bunch of my computer security friends down the pub one night," he said on the phone from New Zealand. "They basically said, 'You're going to have to step up and talk about that'."

 

While testing the flaw, Mr Butler found more than 160,000 computers in NZ were vulnerable. Computers in the US are not vulnerable to the flaw, but many countries are potentially wide open.

 

It was decided not to publish details of the vulnerability after bringing it to the attention of Microsoft this week.

Article

What I can't work out is why PCs in one country aren't affected yet in others they aren't? :unsure:

Indeed. I'd quite like to know what countries are affected, not just 'the US is ok' :rolleyes:


Sounds like spam. Let's see it on Secunia or some other proper security site and then I'll believe it. This has no real details at all and reeks of some Linux zealot's wet dream.


"Flaw leaves Microsoft looking like a turkey"

After thanksgiving I think it's going to be tough to spot a turkey. :lol:

 

This has no real details at all and reeks of some Linux zealot's wet dream.

Or some MAC fanboys.


More info:

The flaw affects all versions of Windows including Vista, but does not affect computers in the United States. Microsoft reportedly patched the flaw eight years ago to protect computers that use the ".com" domain as part of their corporate identity. The fix, however, does not work for computers that use domain country codes, such as .nz (New Zealand) or .uk (United Kingdom).

 

WPAD is a method used by Web browsers to locate a proxy configuration file called wpad.dat that is used to configure a Web browser's proxy settings. Part of the flaw lets the search for the configuration file leave the safety of the corporate network, thus opening an avenue for a hacker to hijack the request and deliver a configuration file to the browser that could then be exploited to intercept and modify the user's Web traffic.

 

The Windows WPAD feature was designed so administrators would not have to configure browser proxy settings on each desktop manually. All the automated WPAD configuration work takes place out of view of the user.

 

Last week, Beau Butler, who also goes by the name Oddy and the title "ethical hacker," presented his rediscovery of the WPAD flaw at the annual Kiwicon security conference at Victoria University of Wellington in New Zealand. Butler told conference attendees and Australia's The Age Web site that he found 160,000 computers in New Zealand using the .nz domain that were vulnerable to the WPAD flaw. The Age said Microsoft asked it not to publish the details over fears they could be used by cybercriminals to seize control of workstations. Microsoft confirmed it was a serious issue, The Age said. Continued

Article
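An added example, not part of the original post or the quoted article: an audit sketch showing why a fix that protects ".com" names does not protect country-code names. It assumes a simplified model in which the WPAD search walks up the machine's DNS suffix and stops once two labels remain; all hostnames and the inventory are constructed.

```python
# Simplified model of the WPAD DNS search (an assumption for illustration,
# not vendor code). Hostnames use reserved "example" names.

def wpad_candidates(dns_suffix, min_labels=2):
    """WPAD hostnames tried while walking up dns_suffix.

    min_labels models the old fix: stop once only that many labels remain.
    """
    labels = dns_suffix.strip(".").lower().split(".")
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]          # drop the leftmost label and retry
    return names


def escaping_lookups(dns_suffix, org_domain, min_labels=2):
    """Candidates whose parent domain is outside org_domain."""
    org = org_domain.strip(".").lower()
    escaped = []
    for name in wpad_candidates(dns_suffix, min_labels):
        parent = name[len("wpad."):]
        if parent != org and not parent.endswith("." + org):
            escaped.append(name)
    return escaped


# Constructed inventory: (client DNS suffix, domain the organisation owns).
INVENTORY = [
    ("dept.example.com", "example.com"),
    ("dept.example.co.nz", "example.co.nz"),
    ("branch.example.co.uk", "example.co.uk"),
]


def audit(inventory, min_labels=2):
    """Map each suffix to the WPAD names that leave the organisation."""
    report = {}
    for suffix, org in inventory:
        escaped = escaping_lookups(suffix, org, min_labels)
        if escaped:
            report[suffix] = escaped
    return report


if __name__ == "__main__":
    for suffix, names in audit(INVENTORY).items():
        print(suffix, "->", ", ".join(names))
```

A non-empty result means the WPAD search for that suffix can reach a name the organisation does not control; serving the wpad record internally for that suffix or turning off automatic proxy detection keeps the lookup inside.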

The Age said Microsoft asked it not to publish the details over fears they could be used by cybercriminals to seize control of workstations. Microsoft confirmed it was a serious issue, The Age said.

That's actually smart. ;)

 

One would think the U.S. government and/or news channels would do the same! :rolleyes: They're always giving those damned terrorists ideas of what to attack such as the food supply, or water saying they could do this and that to it to harm us. Giving out that information has always puzzled me because the baddies may have not even thought of it.


Ok well if the flaw does actually exist, it doesn't affect me or any of my clients as none use a proxy for IE.


As Chris Pirillo said, "all operating systems suck." The only reason why OSX has less problems is because less people use them. Personally, Steve Jobs rubs me the wrong way, he is too cagey about his stuff. I mean, OSX runs well, but he loves to egg on the mac cult. Linux is supposed to be better, but the same rule applies.


MacOSX is BSD with a fancy proprietary window manager and other stuff on top of it. It actually has more security vulnerabilities than Vista if you analyse numbers over release time.

Ok well if the flaw does actually exist, it doesn't affect me or any of my clients as none use a proxy for IE.

 

Good luck with that.

 

Parts of OSX are vulnerable to this also, as is Firefox. MS just gets all the press because they're MS.
