Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Windows Trojans Snatch Your Personal Data (and Another IE Flaw)

  • Subject: Re: [News] Windows Trojans Snatch Your Personal Data (and Another IE Flaw)
  • From: The Ghost In The Machine <ewill@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 10 Aug 2006 03:00:05 GMT
  • Newsgroups: comp.os.linux.advocacy
  • Organization: EarthLink Inc. -- http://www.EarthLink.net
  • References: <1211062.1iaZ3DM1jA@schestowitz.com> <hqqnq3-gq7.ln1@sirius.tg00suus7038.net> <s14qq3-l76.ln1@mysuse101.machine2.eu>
  • User-agent: slrn/0.9.8.1 (Linux)
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1138598
In comp.os.linux.advocacy, William Poaster
<wp@xxxxxxxxxxxxx>
 wrote
on Wed, 9 Aug 2006 23:26:36 +0100
<s14qq3-l76.ln1@xxxxxxxxxxxxxxxxxxxxx>:
> It was on Wed, 09 Aug 2006 02:00:03 +0000, that The Ghost In The Machine
> wrote:
>
>> In comp.os.linux.advocacy, Roy Schestowitz
>> <newsgroups@xxxxxxxxxxxxxxx>
>>  wrote
>> on Wed, 09 Aug 2006 01:40:19 +0100
>> <1211062.1iaZ3DM1jA@xxxxxxxxxxxxxxx>:
>>> Phishing Trojan plays ping-pong with captured data
>>>
>>> ,----[ Quote ]
>>> | After infecting a victim's computer, the Trojan is programmed to
>>> | install itself as an Internet Explorer Browser Helper Object (BHO).
>>> | The software then waits for a victim to post sensitive data online.
>>> | This data, once entered, is captured by the Trojan and sent to attackers.
>>> `----
>>>
>>>                 http://www.theregister.co.uk/2006/08/08/phishing_trojan/
>> 
>> Now where have we heard that one before....? :-)
>> 
>> In other news, Microsoft touts major security improvements in Vista,
>> making it "even more secure than earlier Windows client operating
>> systems".
>> 
>> http://www.microsoft.com/technet/windowsvista/evaluate/feat/secfeat.mspx
>> 
>> And, since one will need it while reading the second link, here's
>> a large grain of salt:
>> 
>>        +------+
>>       /      /|
>>      /      / |
>>     +------+  |
>>     |      |  +
>>     |      | /
>>     |      |/
>>     +------+
>> 
>> (Not responsible for cardiovascular damage caused by said crystal of
>> salt or falling out of one's chair.)
>
> And to counteract M$'s propaganda about Fista, there's this:
>
> http://www.darkreading.com/document.asp?doc_id=100960&WT.svl=news1_1
>
> Vista: No Silver Bullet for Security
> <Quote>
> ....the new OS still offers a big target, a few weak spots, and plenty of
> room for patching.
> <Unquote>
>
> Patch Tuesday is here to stay!
>

Hmm....

    "The OS is just there to run the programs, and if the programs
    themselves are not secure, the whole system is insecure."

(Matasano Security researcher Tomas Ptacek)

Does this make sense to anyone else?  It makes a little but not a lot of
sense to me; of course running tftp on one's server without proper
safeguards is an invitation to disaster, but a layered security method
helps -- Apache in particular runs as 'nobody' or 'www', an account with
very few if any privileges; it might not even have a home directory.

This is telling, though:

    Security aside, Vista doesn't have much more
    functionality than XP, says Marc Maiffret, CTO for
    eEye Digital Security. "There are almost zero new
    functionality features in Vista besides the security
    stuff," Maiffret says. "But Microsoft is doing all the
    right things with security they can.  But eventually,
    bugs will be a given."

Ouch.

-- 
#191, ewill3@xxxxxxxxxxxxx
Windows Vista.  Because it's time to refresh your hardware.  Trust us.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index