06.11.10
Gemini version available ♊︎Eye on Security: Windows is Vulnerable, GNU/Linux is Not
Summary: Today’s examples of security weaknesses in Windows (which help justify Google’s recent abandonment of Windows on the desktop)
• Microsoft Security Vulnerability Disclosed (no silent patches yet?)
Microsoft was left racing to patch a Windows Help and Support Center vulnerability after Tavis Ormandy, an information security researcher who’s charged with keeping Google’s products secure, Thursday publicly disclosed both the bug as well as proof-of-concept attack code.
Ormandy reportedly informed Microsoft of the vulnerability on Saturday, June 5, and Microsoft acknowledged receipt the same day. Five days later, however, Ormandy went public with a posting to the Full Disclosure mailing list. Later that day, Microsoft issued its own vulnerability announcement.
• Bug gives attackers complete control of Windows PCs [via]
A security researcher has warned of a vulnerability in older versions of the Windows operating system that allows attackers to take full control of a PC by luring its user to a booby-trapped website.
The flaw resides in the Windows Help and Support Center, a feature that provides users with online technical support. Malicious hackers can exploit the weakness of Windows by embedding commands in web addresses that activate the feature’s remote assistance tool, which allows administrators to execute commands over the internet. The exploit works in XP and Server 2003 versions of Windows and possibly others.
Use browsers and operating systems that are more secure. Get away from the monopoly OS that is the main target of attacks. Cut down your risk by a factor of 1000 or so by a single step, migrating to GNU/Linux. It makes sense.