Clicky
Last visit was: Fri Jul 04, 2014 6:39 pm
It is currently Fri Jul 04, 2014 6:39 pm

F1 key can be exploited to download malware


All times are UTC - 5 hours [ DST ]


 [ 5 posts ] 
Author Message
 PostPosted: Tue Mar 02, 2010 11:20 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
http://www.microsoft.com/technet/securi ... 81169.mspx
via
http://www.krebsonsecurity.com/2010/03/ ... tion-keys/

If you get a pop up that tells you to hit the F1 key, don't do it, at least not if you're running Windows. It can be exploited to download malware.

Microsoft is peeved that the vulnerability was announced publicly instead of being reported to them privately. There has been controversy lately because some hackers are fed up with seeming lack of action on the security holes they find and report. They feel that they are doing the work the software companies should be doing for themselves. They also complain that when they do find vulnerabilities, so much time elapses after they report them that criminals have already found them and created exploits before the legitimate users are given any warning of the risk.


Top
 Profile  
 PostPosted: Wed Mar 03, 2010 11:46 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies. I wonder what it will take to get corporate IT to stand up and say "Okay that's it. That's the last straw."

SiL


Top
 Profile  
 PostPosted: Thu Mar 04, 2010 10:50 am   
Spam Observer
User avatar

Joined: Thu Aug 14, 2008 3:48 pm
Posts: 79
spamislame wrote:
Honestly what does this tell us about Windows? :roll:

That an entire OS is this vulnerable is just ridiculous. It was vulnerable to begin with, then third-party software was not securely written (notably that of Adobe), but now this. Honestly.

I'm sure OSX and Unix have some similar weirdnesses to them but their security foundation is so much more robust.

I have to use Windows for the majority of what I do on a daily basis due to job requirements and office policies.


Do you think the Adobe heap of junk software is any more secure on Linux?

When was the last time you got Windows malware on your machine? It is now much more about application vulnerabilities (Adobe) and social engineering than exploiting holes in the OS.


Top
 Profile  
 PostPosted: Thu Mar 04, 2010 11:52 am   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
I have a hard time calling Photoshop "A heap of junk." :) I actually can say with a clean conscience that I love that software. (I've been using it since v.2.0)

But I do agree with your point.

Why, by the way, does a PDF file require JavaScript to be enabled by default?

Adobe makes, I think, good software, but they appear to have had a hard time dotting their i's and crossing their t's from a security standpoint.

SiL


Top
 Profile  
 PostPosted: Thu Mar 04, 2010 9:04 pm   
Spammer Killing Machine
User avatar

Joined: Thu Apr 03, 2008 4:33 pm
Posts: 590
Location: Florida
Not really related....but some times people are beyond help :P Apparantly Windows blocked some "Secure Tool" fake antivirus download on my mother's computer, and she blindly "Accepted" / Allowed it, when Windows Defender blocked it.

My stepdad handed her Kaspersky (the price tag said 70$!) and I told him to return that crap lol. No antivirus can save you if you "allow" what was blocked :)


On a side-note, damn I can't even recall the last time I used "F1" for help lol. I wonder if there's a way to "hotkey" it to open Google.com....? :) Since..well, when/if I do have a problem, I tend to just go ask Google (jeeves died a horrible death years ago, or he usually had the answer too LOL)

_________________
SpamPoison


Top
 Profile  
 [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008