InBoxRevenge KS Forum

[AlphaCentauri]

http://www.microsoft.com/technet/securi ... 81169.mspx
via
http://www.krebsonsecurity.com/2010/03/ ... tion-keys/

If you get a pop up that tells you to hit the F1 key, don't do it, at least not if you're running Windows. It can be exploited to download malware.

Microsoft is peeved that the vulnerability was announced publicly instead of being reported to them privately. There has been controversy lately because some hackers are fed up with seeming lack of action on the security holes they find and report. They feel that they are doing the work the software companies should be doing for themselves. They also complain that when they do find vulnerabilities, so much time elapses after they report them that criminals have already found them and created exploits before the legitimate users are given any warning of the risk.

[spamislame]

Honestly what does this tell us about Windows?

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies. I wonder what it will take to get corporate IT to stand up and say "Okay that's it. That's the last straw."

SiL

[Moike]

Honestly what does this tell us about Windows?

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies.

Do you think the Adobe heap of junk software is any more secure on Linux?

When was the last time you got Windows malware on your machine? It is now much more about application vulnerabilities (Adobe) and social engineering than exploiting holes in the OS.

[spamislame]

I have a hard time calling Photoshop "A heap of junk." I actually can say with a clean conscience that I love that software. (I've been using it since v.2.0)

But I do agree with your point.

Why, by the way, does a PDF file require JavaScript to be enabled by default?

Adobe makes, I think, good software, but they appear to have had a hard time dotting their i's and crossing their t's from a security standpoint.

SiL

[ahoier]

Not really related....but some times people are beyond help :P Apparantly Windows blocked some "Secure Tool" fake antivirus download on my mother's computer, and she blindly "Accepted" / Allowed it, when Windows Defender blocked it.

My stepdad handed her Kaspersky (the price tag said 70$!) and I told him to return that crap lol. No antivirus can save you if you "allow" what was blocked :)


On a side-note, damn I can't even recall the last time I used "F1" for help lol. I wonder if there's a way to "hotkey" it to open Google.com....? :) Since..well, when/if I do have a problem, I tend to just go ask Google (jeeves died a horrible death years ago, or he usually had the answer too LOL)