header image
« Silly prototypes of the week
Scrum, Agile, XP, RUP or just plain common sense? »
[ # ] Bad Vista
August 8th, 2008 under InfoSec, rengolin

Ooops, they did it again…

A whole new hacking style was discovered due to the complete incompetence of Microsoft’s engineers. When will they understand that security means the opposite of trust?

You can choose whatever framework you want (Java, .NET, ActiveX) build a simple program and have total control of the user’s machine in seconds. All that because our beloved Windows browsers trusts Microsoft’s technology only too much. And worse, the Windows kernel trusts Microsoft’s browsers and .NET too much too!

ActiveX attacks are not new, IE has an extensive history of huge holes through their magnificent piece of crap. Rendering Windows’ security hopeless is also not new, Outlook for decades gave hackers a free feature of one-click-exploit ™ but this is completely crazy.

No matter which way you go, what framework you use and what path you take, total control of the machine is a few clicks away. Worse still, as this confidence in crap dates back from Windows 2.0, I wouldn’t be surprised if they find they can do the same on all versions of any software (ahem…) they’ve produced so far, including DOS 1.0!!

Oh well, you can’t say you didn’t know, can you?

Popularity: 6% [?]

Share This

Read the Comments

[ # 2364 ] Comment from Janet [August 11, 2008, 7:05 pm]

Hello,

I’m Janet,

I’m probably off topic, but I’m reading your blog and I find it very interesting!

Did you think to register it to TechnoSNACK?
The site is not mine, but I’m a fan and it’s becoming a good blog aggregator about Computer and Internet news.

Link is here: http://www.technosnack.com
Email is above the comment.

I’ll bookmark your blog.

bye!

[ # 2415 ] Comment from rengolin [August 12, 2008, 10:24 am]

Hi Janet,

Thanks for your words, it’s very pleasant to hear feedback to our work (good and bad!).

I’ll add the link to our blogroll, thanks for the tip.

[ # 2423 ] Comment from Mac Backup [August 12, 2008, 10:04 pm]

Are you saying we are better off using macbooks? o_O
-Jason

[ # 2502 ] Comment from rengolin [August 21, 2008, 8:12 am]

Hi Jason, is Apple the only other option?

[ # 2545 ] Comment from Antolia [August 22, 2008, 9:09 am]

Every thing mentioned in your post is good and well.But what are the other options for this

[ # 2546 ] Comment from rengolin [August 22, 2008, 9:43 am]

Ok, other options: Free Software.

Linux has many options but for Windows and Mac users Ubuntu is definitely the best choice.

Other Linux distributions, FreeBSD and other are also cool if you (want to) know how it works, which is always a good idea.

Give it a try, get a laptop, install Ubuntu on it and see how it goes. The only thing that I really miss is the plethora of games available to the MS platform, but that’s bound to change in the future.

All the rest is there: browser and mail client, complete office (compatible with MS) and photo editors, IMs, torrent, educational software and some good games. It’s specially good for kids (mine love it).

Have fun!

[ # 2715 ] Comment from Seamless Development [September 3, 2008, 5:15 pm]

Great write-up. Going along with the IE ActiveX attacks, it’ll be interesting to see if Google’s new browser Chrome becomes vulnerable to such attacks.

John,
Custom Programming
Close
E-mail It