What I can't work out is why PC's in one country aren't affected yet in others they are?
MICROSOFT engineers worked frantically over the US Thanksgiving holiday to fix a design flaw in Windows that has exposed millions of computers to hijacking by computer criminals.
By exploiting the design flaw a lone miscreant could take control of vast numbers of home or office PCs around the world in a single attack. They could read data, steal passwords and monitor internet use or use them to distribute spam or viruses.
The bug was demonstrated at the Kiwicon hacker conference in New Zealand last week by an ethical hacker, Beau Butler.
"This whole presentation came about from me telling a story to a bunch of my computer security friends down the pub one night," he said on the phone from New Zealand. "They basically said, 'You're going to have to step up and talk about that'."
While testing the flaw, Mr Butler found more than 160,000 computers in NZ were vulnerable. Computers in the US are not vulnerable to the flaw, but many countries are potentially wide open.
It was decided not to publish details of the vulnerability after bringing it to the attention of Microsoft this week.
Sounds like spam. Lets see it on Securina or some other proper security site and then Ill believe it. This has no real details at all and reeks of some Linux zealots wet dream.
The flaw affects all versions of Windows including Vista, but does not affect computers in the United States. Microsoft reportedly patched the flaw eight years ago to protect computers that use the ?.com? domain as part of their corporate identity. The fix, however, does not work for computers that use domain country codes, such as .nz (New Zealand) or .uk (United Kingdom).
WPAD is a method used by Web browsers to locate a proxy configuration file called wpad.dat that is used to configure a Web browser?s proxy settings. Part of the flaw lets the search for the configuration file leave the safety of the corporate network, thus opening an avenue for a hacker to hijack the request and deliver a configuration file to the browser that could then be then exploited to intercept and modify the user?s Web traffic.
The Windows WPAD feature was designed so administrators would not have to configure browser proxy settings on each desktop manually. All the automated WPAD configuration work takes place out of view of the user.
Last week, Beau Butler, who also goes by the name Oddy and the title ?ethical hacker,? presented his rediscovery of the WPAD flaw at the annual Kiwicon security conference at Victoria University of Wellington in New Zealand. Butler told conference attendees and Australia?s The Age Web site that he found 160,000 computers in New Zealand using the .nz domain that were vulnerable to the WPAD flaw. The Age said Microsoft asked it not to publish the details over fears they could be used by cybercriminals to seize control of workstations. Microsoft confirmed it was a serious issue, The Age said. Continued
The Age said Microsoft asked it not to publish the details over fears they could be used by cybercriminals to seize control of workstations. Microsoft confirmed it was a serious issue, The Age said.
That's actually smart.
One would think the U.S. government and/or news channels would do the same! They're always giving those damned terrorist ideas of what to attack such as the food supply, or water saying they could do this and that to it to harm us. Giving out that information has always puzzled me because the baddies may have not even thought of it.
As Chris Pirillo said, "all operating systems suck." The only reason why OSX has less problems is because less people use them. Personally, Steve Jobs rubs me the wrong way, he is too cagey about his stuff. I mean, OSX runs well, but he loves to egg on the mac cult. Linux is supposed to be better, but the same rule applies.
MacOSX is BSD with a fancy propreitary window manager and other stuff ontop of it. It actually has more security vulenrabilities than Vista if you analyse numbers over release time.