MS won't fix flaw in Windows

It is a 20-year-old flaw, no new news here. If you go to a malicious website, bad stuff may happen.
 
I went to the perfect-privacy site, which is set up to test this flaw. It said I'm not vulnerable. I'm thinking this is probably not as big a deal as the article makes it out to be, since I am running in a default setup, just fresh installed the Windows 10 AU yesterday, I am logged into my Microsoft account, and tried the test with Edge... Anyways, I'm sure if it becomes a problem, MS will patch it, but right now it either does not work in the AU at all or it requires some non-standard configuration. Even then, stealing a password hash is not quite the same as stealing a password. Another reason to change your password from 'p4ssw0rd' then.
 
What if the user and password hash is all that is needed to auto login into onedrive, outlook, or other apps?

It's not. The way login systems work is they take a password, hash it, and check it against the user/password database. If you tried to give it a password hash, it would hash *that*, and it would not match. They'd have to already have hacked the login system to manipulate this process, in which case a compromised password hash is the least of your worries.
 
To exploit this, a hacker has to trick a user into visiting a specially-crafted web page in Internet Explorer or Edge (on Windows 10) that points to their own network share. The browser will silently send usernames and hashed passwords to the network share, which can then be scooped up and stolen.

Why you should never use MS products on their "Operating System".
 
Yes, let's dump any software as soon as it gets a security flaw. That would leave us with a nice hello world program or so to run.
Yeah it never happened before that MS browser is used as a backdoor ;)
 
It is a 20-year-old flaw, no new news here. If you go to a malicious website, bad stuff may happen.

SecuROM was close to 20 years old too, but they had no problem disabling that in the name of security and breaking hundreds of games. Not just a few as Microsoft claimed. It's good they told us how to reverse it, but I am sure there are loads of people out there who don't know how to reverse it, wondering why their favorite game no longer works.
 
Yeah it never happened before that MS browser is used as a backdoor ;)

Yeah, old security flaws, those are really something. Like Heartbleed, eh? Last I read on Ars, it is still not fully patched a year later, let alone those fixes deployed to users. I think grown-ups understand that all software has flaws, and it is a team effort to fix problems and motivate the programmers. Or you can troll forums like some kind of malware version of an ambulance chaser, shrug.

Oh and here are my test results for this 'issue': http://i.imgur.com/jN4EdjF.jpg
This system hasn't been modified at all; like I said, I installed yesterday. If this requires the user to open up the firewall, it is not going to be useful to bad guys.
 
I get this on the test page:
This test requires Internet Explorer or Edge to work.
Read our post for the details.

lol, why would I use a less secure browser? I guess I win while MS loses. ;)

edit: tried it on IE...

Not vulnerable
No login credentials found. It seems you are not vulnerable to this attack. This could be because your firewall settings prevent the connections. Please refer to our blog post for more information.

I didn't change any firewall settings. This is on a system with a fresh copy of Win7 Ultimate installed less than 2 weeks ago.
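
An added example, not from the thread or the linked article: the attack quoted above depends on a web page that points the browser at a network share, so a proxy or mail filter can flag markup whose resource attributes name a remote share. The attribute list, function names and sample hosts below are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can carry a resource location (assumed list, not exhaustive).
URL_ATTRS = {"src", "href", "data", "poster", "background", "action"}
LOCAL_HOSTS = {"", "localhost", "127.0.0.1", "::1"}

def share_host(value):
    """Return the remote host a UNC path or file: URL points at, else None."""
    value = value.strip()
    if value.startswith("\\\\"):                      # \\host\share\file
        host = value[2:].split("\\", 1)[0]
    elif value.lower().startswith("file:"):
        parts = urlsplit(value.replace("\\", "/"))
        host = parts.hostname or ""
        if not host and parts.path.startswith("//"):  # file:////host/share
            host = parts.path[2:].split("/", 1)[0]
    else:
        return None                                   # http(s), relative, //cdn
    host = host.lower()
    return None if host in LOCAL_HOSTS else host      # local files are not a leak

class ShareRefFinder(HTMLParser):
    """Collects (line, tag, attribute, host) for every remote-share reference."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                host = share_host(value)
                if host:
                    self.findings.append((self.getpos()[0], tag, name, host))

def find_share_refs(html):
    finder = ShareRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two remote-share references, three benign ones.
SAMPLE = r"""<html><body>
<img src="logo.png">
<script src="//cdn.example.test/app.js"></script>
<img src="file://files.example.test/pub/pixel.png">
<img src="\\FILES2.example.test\pub\pixel.png">
<a href="file:///C:/Users/me/notes.txt">local file</a>
</body></html>"""
```
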