fightingfi
2[H]4U
- Joined
- Oct 9, 2008
- Messages
- 3,231
Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet
wow im shocked really scary
wow im shocked really scary
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
What if the user and password hash is all that is needed to auto login into onedrive, outlook, or other apps?I went to the perfect-privacy site which is setup to test this flaw. It said I'm not vulnerable. I'm thinking, this is probably not as big a deal as the article makes it out to be, since I am running in a default set up, just fresh installed the Windows 10 AU yesterday, I am logged into my Microsoft account, and tried the test with edge...Anyways I'm sure if it becomes a problem, MS will patch it, but right now it either does not work in the AU at all or it requires some non-standard configuration. Even then, stealing a password hash is not quite the same as stealing a password. Another reason to change your password from 'p4ssw0rd' then.
What if the user and password hash is all that is needed to auto login into onedrive, outlook, or other apps?
To exploit this, a hacker has to trick a user into visiting a specially-crafted web page in Internet Explorer or Edge (on Windows 10) that points to their own network share. The browser will silently send usernames and hashed passwords to the network share, which can then be scooped up and stolen.
Why you should never use MS products on their "Operating System".
Yeah it never happened before that MS browser is used as a backdoorYes let's dump any software soon as it gets a security flaw. That would leave us with a nice hello world program or so to run.
It is a 20 year old flaw, no new news here. If you go to a malicious website bad stuff may happen.
Yeah it never happened before that MS browser is used as a backdoor
This test requires Internet Explorer or Edge to work.
Read our post for the details.
Not vulnerable
No login credentials found. It seems you are not vulnerable to this attack. This could be because your firewall settings prevent the connections. Please refer to our blog post for more information.