Microsoft patches a 'critical' hole

,----[ Quote ]
| Microsoft gave the serious security fix its most urgent "critical" rating.
| Hackers could exploit a vulnerability using Internet Explorer 7, and possibly
| other programs, and take over a user's computer for a variety of nefarious
| purposes, such as stealing passwords or pumping out spam.
`----

http://news.yahoo.com/s/ap/20071114/...osoft_security

Zombie PCs are not going away until Windows is history (or rebuilt properly
from scratch). Lots of serious security issues recently...


Yesterday:

Microsoft exec calls XP hack 'frightening'

,----[ Quote ]
| "You can download attack tools from the Internet, and even script kiddies can
| use this one," said Mick.
|
| Mick found the IP address of his own computer by using the XP Wireless
| Network Connection Status dialog box. He deduced the IP address of Andy's
| computer by typing different numerically adjacent addresses in that IP range
| into the attack tool, then scanning the addresses to see if they belonged to
| a vulnerable machine. * *
|
| Using a different attack tool, he produced a security report detailing the
| vulnerabilities found on the system. Mick decided to exploit one of them.
| Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a
| payload that would exploit the flaw within a couple of minutes. *
`----

http://news.zdnet.com/2100-1009_22-6218238.html


Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas. * * * *
|
| Editors Note: *I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. *Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux. *
`----

http://www.linuxelectrons.com/news/g...mber-generator