Tag: windows
-
Ransomware, malware that forces the user of an infected machine to pay a sum of money to Someone Out There in exchange for regaining access to their data, isn't exactly the most common thing going around, but it seems to be catching on, and I can't think of a reason why it would slow down. Earlier strains found in the wild did things like finding and encrypting all Excel spreadsheets on a machine and demanding that the user wire money someplace in exchange for the utility that would decrypt them, but now the stakes are a bit higher on both …
-
A couple of days ago, Microsoft released a security bulletin regarding a vulnerability in the DNS server component of Windows Server 2000 and 2003. In it, a remote attacker can cause the DNS server system service to spawn a shell that one can then connect to and execute commands because there is a bug in the RPC (Remote Procedure Call) interface. Ordinarily, Windows is designed to be operated from the GUI that we all know and love, but if you open a command shell, there's an excellent suite of command line utilities that can perform the same operations, usually much …
-
A presentation at Black Hat Europe 2007 by security researchers from India has blown the security of the Windows Vista bootloader wide open, and compromised the security model of Microsoft's latest operating system at the lowest levels. Vipin and Nitin Kumar of NV Labs figured out how to write what the popular press is calling a 'bootkit' that runs off of a bootable CD or DVD. The bootkit searches the primary drive for a copy of Windows Vista and executes it while making modifications to the code running in memory transparently - because the OS trusts the 'trusted' bootloader implicitly, it …
-
Windows XP, let me be clear. And they won't let you download it unless you're using IE on a known valid (by WGA) copy of Windows, but there are ways around that (thanks, cow-orker!).
Microsoft has released a utility for Windows XP that parses the System Restore data and shows you everything that's changed for a specified period of time to aid in debugging. It can show you what software has recently been installed, what hotfixes and Windows Components have been installed, what BHOs (browser helper objects - read 'call it spyware and be done with it') have infected IE, what …
-
Maybe CERT-FI is following in the footsteps of US-CERT (free tip for you guys: 300 bps is obsolete!), which is why it's taken them eight months to say anything about this, but there is a particularly interesting worm that attacks Windows crawling around on the Net called Allaple-A which is remarkably subtle for an infectious agent. First of all, it's polymorphic, meaning that it rewrites parts of itself whenever it spreads, which makes it difficult for antivirus software to find and kill it. At first, it spread by bruteforcing passwords against the Radmin service and open network shares, but there …
-
WGA - Windows Genuine Advantage. A software agent that runs on installs of Windows to make sure that you're not using a pirated copy. Unless you let it install itself, you'll have a hell of a time updating your system because a running WGA agent is required to run Windows Update. Of course, you can go to the Knowledge Base and download the updates one by one, but when you take into account how many updates there are, you may as well install it yourself.
Interestingly, if you refuse to let the WGA hotfix/update/agent/spyware install itself it phones …
-
Early adopters of Windows Vista have been finding themselves burned by an increasingly common problem in personal computing, namely, the utter lack of compatible drivers. Microsoft has been making it more and more difficult to write drivers these days, and a lot of companies weren't able to ship Vista-ready drivers by the time the new version of Windows hit the shelves and OEMs. Thus, they wind up on the manufacturers' websites, often hidden behind crappy search engines and mis-linked pages. This doesn't help you if your modem or network card doesn't work because - surprise, surprise - there are no drivers for …
-
Technically, Microsoft Windows Vista hasn't even been released yet and the DRM system has been cracked. DRM, the so-called Digital Rights Management system that the MPAA and RIAA are blackmailing hardware and software vendors into supporting so that they can control what you watch or listen to, how, when, and for how long, uses strong crypto to encrypt media files and control who and what can access them. In Vista, it's called PMP, the Protected Media Path, and reaches all the way down to the level of the hardware drivers. In theory, if all of the drivers on the system …