Saturday, December 31, 2005

More on that Windows flaw..............

Saw this on the Washington Post. You have to give the W.P. some info to see all their articles so in lieu of that, I copied and pasted the following.............

Windows Security Flaw Is 'Severe'
PCs Vulnerable to Spyware, Viruses

By Brian Krebs
Special to The Washington Post
Friday, December 30, 2005; D01

A previously unknown flaw in Microsoft Corp.'s Windows operating system is leaving computer users vulnerable to spyware, viruses and other programs that could overtake their machines and has sent the company scrambling to come up with a fix.

Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available.

Mike Reavey, operations manager for Microsoft's Security Response Center, called the flaw "a very serious issue."

Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.

Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.

An estimated 90 percent of personal computers run on Microsoft Windows operating systems. Microsoft has found itself under attack on several instances and has been forced to issue a number of patches to keep computers running Windows safe. Mac and Linux computer users are not at risk with this attack, even if their computers run Microsoft programs such as Office or the Internet Explorer Web browser.

Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar Web sites, and refrain from clicking on links that arrive via e-mail or instant message.

"The problem with this attack is that it is so hard to defend against for the average user," said Johannes Ullrich, chief research officer for the SANS Internet Storm Center in Bethesda.

At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.

Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said.

Dean Turner, a senior manager at anti-virus firm Symantec Corp. of Cupertino, Calif., said the company has seen the vulnerability exploited to install software that intercepts personal and financial information when users of infected computers enter the data at certain banking or e-commerce sites.

Eric Sites, vice president of research and development for anti-spyware firm Sunbelt Software, said he has spotted spyware being downloaded to a user's machine by online banner advertisements.

"Pretty much all of the spyware guys who normally use other techniques for pushing this stuff down to your machine are now picking this exploit up," Sites said.

Because the vulnerability exists within a faulty Windows component, security experts warn that Windows users who eschew Internet Explorer in favor of alternative Web browsers, such as older versions of Firefox and Opera, can still get their PCs infected if they agree to download a file from a site taking advantage of the flaw.

Richard M. Smith, a Boston security and privacy consultant, said he was particularly worried that the vulnerability could soon be used to power a fast-spreading e-mail worm.

"We could see the mother of all worms here," Smith said. "My big fear is we're going to wake up in the next week or two and have people warning users not to read their e-mail because something is going around that's extremely virulent."

Brian Krebs is a reporter.
© 2005 The Washington Post Company

All I can say is that if Microsoft is admitting that it's serious, it must be really serious. I'm no computer expert but if you are using IE 6 and you are surfing to "questionable" sites, you are just asking for trouble.

Just because you go to college doesn't necessarily mean you're intelligent. Then again, some folks are just plain stupid.

I don't wanna die like this. I want to be 88 years old and get thrown off my mountain bike and center punch a tree as I am riding a gnarly downhill at 45 mph.


Go to school for free. Way cool.

I'm not sure why I keep replaying this video ..........but I do.

I'd have to agree with this, I have one and I use the heck out of it. Since I grew up in the age of 8-tracks, it's really cool to have something that I can fit so much stuff into and then put in my pocket.

I say........HELL YEAH. Better yet, they shoulda gave him a parachute and booted his ass off the plane while it was over the island instead of taking the time to land.

Even Microsoft employees use Firefox.

I was gonna do a review of stuff that happened in the past year, but everybody else seems to be doing that are a few of my predictions for 2006....

-George Bush gets arrested for this and gets thrown in jail. Nobody bails him out.

-The RIAA will have a public backlash from them suing all their customers and will lose some key court cases and have to apoligize for being assholes.

-We are going to get pounded by nearly as many hurricanes as we did this year and George Bush will be on vacation during all of them.

-Earthquakes in the midwest, most of Central Canada slides into the Mississippi and ends up in New Orleans. Eh?

-Donuts will become part of the Food Pyramid.

-Michael Jackson has a hit record. Not.

Whaddya think?

What's the Donut Guy doing this New Year's Eve?


It's hard to turn down double time and a half for an 8 hour shift.

Oh, one more thing before I go...........If you're gonna get hammered tonight.... call a cab, have a sober friend be the designated driver or stay put and sleep it off........


It ain't worth it.

Seeya next year.

1 comment:

Anonymous said...

The Wal-Mart site was down last night so I couldn't check out what you were talking about. Well, it's up now and that looks really really cool I want that series....