So which fixes are those? He simply left USB Flash drives in the parking lot and other places where employees could find them. Naturally, the USB drives had a Trojan on them. The employees took the little drives back to their desks, plugged them in, and the Trojan silently installed itself and e-mailed sensitive company information. Of course, I smugly think to myself that autoplay is disabled by default on Flash drives. These idiots must have browsed through the USB drives and voluntarily run the Trojans.
Yes, I walk back to my desk, plug in the drive, and up pops LaunchPad. My new USB drive wants me to install Skype and a number of other applications. I kill the program, and delete the files from the Flash drive. I thought. I insert the USB drive again and the same thing happens.
I try harder to delete the files — no dice. I reformat the drive and it all happens again. It turns out that this drive includes " U3 technology. Now I get it.
Shades of the Sony BMG rootkit! They make me go to a special, unadvertised page to get the remove utility. And in some situations, that feature could be useful. But I want it to be my software, not theirs. The moral of the story is, beware of USB devices. If this little inch Flash drive can act like an external CD-ROM drive, then it could also be a scanner, printer, mouse, keyboard, or any other device that you can attach via a USB port. The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses.
Ryan Russell is quality assurance manager at BigFix Inc. Microsoft released yet another cumulative rollup for IE, which fixed eight open holes — but once again, there are plenty left open to talk about.
I wrote about the last IE patch in my Apr. It still remains unfixed. Frame injection has affected other browsers that have since been patched. IE 6, however, is still vulnerable to this flaw, which has a history going back almost 8 years. It was fixed in for IE 3 and 4 but was reintroduced in later versions of IE. An infected site you visit can insert its own content into a frame of a trusted site that you browse some time later.
For example, you might visit an apparently harmless site, which is in reality hacked. If you then visit your bank Web site, you might sooner or later see a window that appears to be from your bank. That window, however, is controlled by someone who wants your bank account information.
When Firefox 1. IE supporters crowed about this at the time. Meanwhile, the same vulnerability has gone unpatched in IE since the problem was first discovered almost two years ago. The Firefox hole was closed back up a few weeks later in Firefox version 1. Meanwhile, frame injection is still a flaw that remains in IE after all this time. Multiple browsers have data disclosure flaw Another flaw does happen to occur in both in IE and in Firefox — the most recent versions included.
This involves the ability of a hacker to filter the keystrokes entered in a form. The input is "bounced" over to a file input box, then back again to the previous text entry, while it appears to the user that nothing out of the ordinary has happened. For Firefox , Secunia suggests disabling JavaScript support. Personally I prefer to use the NoScript add-on. This plug-in lets you pick and choose which Web sites are allowed to run JavaScript.
The flaw is suspected to be one of the things that let the cross-site scripting worm that hit MySpace work so well in October of that year. This flaw allows hackers to change certain data and do "HTTP request-smuggling" attacks. Successfully exploiting this flaw lets hackers inject HTTP requests into a browser session before they get back to the originating browser. Secunia suggests that you set your IE security setting to "High.
What to do: Use another browser, such as Firefox. The Over the Horizon column informs you about threats for which no patch has yet been released by a vendor. Trademarks : Microsoft and Windows are registered trademarks of Microsoft Corporation. All other marks are the trademarks or service marks of their respective owners. Log in Remember me. Register Lost your password? It's easy to post questions about Windows 11 , Windows 10 , Win8. Post anonymously or register for greater privileges.
Keep it civil, please: Decorous Lounge rules strictly enforced. Contact Customer Support. Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars. AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters formerly Windows Secrets Newsletter and AskWoody Plus Alerts, emails when there are important breaking developments.
Click here for details and to sign up. Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb askwoody. Free Newsletter Signup. Current Microsoft patches are causing havoc. Don't patch. Genuine Advantage is Microsoft spyware. Help: customersupport askwoody. Subscribe to the AskWoody Free Newsletter. We promise not to spam you. Unsubscribe at any time. Welcome to our unique respite from the madness. As such, I found the latest online download for KB on the Microsoft web site; downloaded that to C: and then ran it.
That seemed to install fine and so then I rebooted. All appeared OK. The other download, which was trying to install the same thing must have cancelled itself. I checked by manually running Microsoft Updates again - KB was no longer there and the update history confirmed a successful installation. Reply to author. Report message as abuse. Show original message. Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message.
One day i went to shut down, and there were updates to install before I shutdown according to the shutdown winwod, but I like to see what I install.
Cherie W. Hey TaurArian, I found you. Thanks for the link it worked like a charm. The diagnostic utility is reporting that your XP Home is a genuine installation. Please follow the Help and Support links on the Windows Updates page to find assistance in solving your Windows Updates difficulties. Sign in.
United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Archived Forums. Sign in to vote.
0コメント