[News] [Rival] Security Flaw in Windows XP Gets Microsoft "Frightened" (Total Mess) - Linux

This is a discussion on [News] [Rival] Security Flaw in Windows XP Gets Microsoft "Frightened" (Total Mess) - Linux ; Microsoft exec calls XP hack 'frightening' ,----[ Quote ] | "You can download attack tools from the Internet, and even script kiddies can | use this one," said Mick. | | Mick found the IP address of his own computer ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [News] [Rival] Security Flaw in Windows XP Gets Microsoft "Frightened" (Total Mess)

  1. [News] [Rival] Security Flaw in Windows XP Gets Microsoft "Frightened" (Total Mess)

    Microsoft exec calls XP hack 'frightening'

    ,----[ Quote ]
    | "You can download attack tools from the Internet, and even script kiddies can
    | use this one," said Mick.
    |
    | Mick found the IP address of his own computer by using the XP Wireless
    | Network Connection Status dialog box. He deduced the IP address of Andy's
    | computer by typing different numerically adjacent addresses in that IP range
    | into the attack tool, then scanning the addresses to see if they belonged to
    | a vulnerable machine.
    |
    | Using a different attack tool, he produced a security report detailing the
    | vulnerabilities found on the system. Mick decided to exploit one of them.

    | Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a
    payload that would exploit the flaw within a couple of minutes.
    `----

    http://news.zdnet.com/2100-1009_22-6218238.html

    No wonder about 1 in 4 Windows PCs is totally controlled by a criminal.

    Mentioned yesterday and moments ago by Peter K (separate from the above):

    Duh! Windows Encryption Hacked Via Random Number Generator

    ,----[ Quote ]
    | GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
    | Pinkas from the Department of Computer Science at the University of Haifa
    | succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
    | operating system. The significance of the loophole: emails, passwords, credit
    | card numbers, if they were typed into the computer, and actually all
    | correspondence that emanated from a computer using "Windows 2000" is
    | susceptible to tracking. "This is not a theoretical discovery. Anyone who
    | exploits this security loophole can definitely access this information on
    | other computers," remarked Dr. Pinkas.
    |
    | Editors Note: I believe this "loophole" is part of the Patriot Act, it is
    | designed for foreign governments. Seriously, if you care about security,
    | privacy, data, trojans, spyware, etc., one does not run Windows, you run
    | Linux.
    `----

    http://www.linuxelectrons.com/news/g...mber-generator

    Mind the editor's note.

    Newsflash: with Windows, the government can do /anything/ to your connected PC
    at /any/ time, without leaving a trace. No need for physical visit unless you
    keep unplugged.


    Related:

    ,----[ Quote ]
    | "Is this a good idea or not? For the first time, the giant software maker
    | is acknowledging the help of the secretive agency, better known for
    | eavesdropping on foreign officials and, more recently, U.S. citizens as
    | part of the Bush..."
    `----

    http://www.schneier.com/blog/archive...s_micro_1.html


    Microsoft could be teaching police to hack Vista

    ,----[ Quote ]
    | Microsoft may begin training the police in ways to break the
    | encryption built into its forthcoming Vista operating system.
    `----

    http://www.vnunet.com/vnunet/news/21...ng-police-hack


    UK holds Microsoft security talks

    ,----[ Quote ]
    | "UK officials are talking to Microsoft over fears the new version of
    | Windows could make it harder for police to read suspects' computer files."
    `----

    http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm


    Microsoft patents the mother of all adware systems

    ,----[ Quote ]
    | The adware framework would leave almost no data untouched in its quest to
    | sell you stuff. It would inspect "user document files, user e-mail files,
    | user music files, downloaded podcasts, computer settings, computer status
    | messages (e.g., a low memory status or low printer ink)," and more. How could
    | we have been so blind as to not see the marketing value in computer status
    | messages?
    `----

    http://arstechnica.com/news.ars/post...e-systems.html


    Encrypted E-Mail Company Hushmail Spills to Feds

    ,----[ Quote ]
    | Hushmail, a longtime provider of encrypted web-based email, markets itself by
    | saying that "not even a Hushmail employee with access to our servers can read
    | your encrypted e-mail, since each message is uniquely encoded before it
    | leaves your computer."
    |
    | But it turns out that statement seems not to apply to individuals targeted by
    | government agencies that are able to convince a Canadian court to serve a
    | court order on the company.
    `----

    http://blog.wired.com/27bstroke6/200...ted-e-mai.html


    No email privacy rights under Constitution, US gov claims

    ,----[ Quote ]
    | This appears to be more than a mere argument in support of the
    | constitutionality of a Congressional email privacy and access scheme. It
    | represents what may be the fundamental governmental position on
    | Constitutional email and electronic privacy - that there isn't any. What is
    | important in this case is not the ultimate resolution of that narrow issue,
    | but the position that the United States government is taking on the entire
    | issue of electronic privacy. That position, if accepted, may mean that the
    | government can read anybody's email at any time without a warrant.
    `----

    http://www.theregister.co.uk/2007/11...email_privacy/


    Can FOSS save your privacy?

    ,----[ Quote ]
    | Well, the Bush regime has already claimed "we don't need no steenkin
    | warrant" to listen to your phone calls, see what websites you visit,
    | scan your emails, and now, with the revelation of a new
    | "signing statement", it?s even claiming the authority to read your
    | physical mail. When the government becomes the biggest threat to
    | your privacy, you better take advantage of the legion of privacy
    | advocates creating FOSS to help you retain what little bit of privacy
    | you can still have.
    |
    | [...]
    |
    | However, just because your privacy is being threatened doesn't mean
    | you have to accept it. There is a growing array of FOSS being
    | developed to provide us with the ability to control our privacy.
    | It's about time we all start using it.
    `----

    http://www.freesoftwaremagazine.com/...e_your_privacy


    Polippix: The Political Linux Distribution of Denmark

    ,----[ Quote ]
    | From what I have been able to determine, PROSA, the Association of
    | Computer Professionals, is the group responsible for its development
    | and distribution. Their feelings on how privacy is being affected in
    | the country of Denmark are rather obvious, and it looks as if they
    | are not going to take these concerns lying down.
    `----

    http://www.madpenguin.org/cms/?m=show&id=7822

  2. Re: [News] [Rival] Security Flaw in Windows XP Gets Microsoft "Frightened" (Total Mess)

    Roy Schestowitz wrote:

    > Microsoft exec calls XP hack 'frightening'
    >
    > ,----[ Quote ]
    > | "You can download attack tools from the Internet, and even script
    > | kiddies can use this one," said Mick.
    > |
    > | Mick found the IP address of his own computer by using the XP Wireless
    > | Network Connection Status dialog box. He deduced the IP address of
    > | Andy's computer by typing different numerically adjacent addresses in
    > | that IP range into the attack tool, then scanning the addresses to see
    > | if they belonged to a vulnerable machine.
    > |
    > | Using a different attack tool, he produced a security report detailing
    > | the vulnerabilities found on the system. Mick decided to exploit one of
    > | them.
    >
    > | Using the attack tool, Mick built a piece of malware in MS-DOS, giving
    > | it a
    > payload that would exploit the flaw within a couple of minutes.
    > `----
    >
    > http://news.zdnet.com/2100-1009_22-6218238.html
    >


    What??? Hey!!! I thought the all the comedy writers were on strike???!?!?!?!


    --

    Jerry McBride (jmcbride@mail-on.us)

+ Reply to Thread