Slashdot: News for Nerds

IE Flaw Gives Hackers Access To User Files

timothy posted more than 4 years ago | from the open-file-my-documents dept.

snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

259 comments

*sigh* ... blame Netscape. (3, Insightful)

hey! (33014) | more than 4 years ago | (#31025842)

Had Microsoft not needed something to drive a stake through Netscape's heart, it wouldn't have needed to concoct its own Frankenstein's monster of confused and misbegotten priorities.

WHY THE FUCK DO PEOPLE STILL USE IE? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31025932)

This is just fucking stupid. WHY DO PEOPLE AND BUSINESSES STILL USE IE?

We KNOW it's full of holes. Not just small ones, but literally, gaping goatse-sized holes. This is a perfect example, to go along with the hundreds of other problems we know of.

There are so many alternatives today! We are living in a time of plenty when it comes to browsers. I mean, we have Opera that runs just about everywhere. We have Firefox if you want extensibility. If you prefer the feel of the old Netscape Communicator suite, there's Seamonkey. If you want a fast browsing experience, use Chrome or Safari or Konqueror.

Legacy ActiveX controls just aren't enough of an excuse these days. If you're still using that piece of shit "technology", then you need to get your network off of the public Internet. You and your network are nothing but a disaster waiting to happen.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (2, Interesting)

calmofthestorm (1344385) | more than 4 years ago | (#31025980)

I read about vulns in Firefox pretty often too. Granted, IE's tend to be stupider and MS's policy of ignoring vulns until they're shoved in their faces with an in-the-wild exploit (and then only patching once a month) is pretty awful, but it's not like other browsers are a magic bullet.

That said, I wouldn't be caught dead using IE, nor let friends or family do it.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (1)

gstoddart (321705) | more than 4 years ago | (#31026340)

That said, I wouldn't be caught dead using IE, nor let friends or family do it.

I can't even begin to tell you the number of sites required by my previous employer that required IE, and there's always a couple here and there that want ActiveX or what have you.

I do 99% of my browsing in a Firefox with noscript installed and a fairly locked down policy. I have found I pretty much need to keep an IE laying about for those really stubborn sites which require it, and which I'm willing to use.

Generally, I agree with you though. I just can't seem to find it feasible to completely not have it, unfortunately. God knows, I've tried. :-P

Cheers

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (1, Troll)

sakdoctor (1087155) | more than 4 years ago | (#31026504)

You found sites that still need IE? Here in 2010?

If a site needs IE today, I don't need that particular site.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (3, Interesting)

sopssa (1498795) | more than 4 years ago | (#31026664)

If a site needs IE today, I don't need that particular site.

Good luck trying to tell that to your boss.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0)

Anonymous Coward | more than 4 years ago | (#31026820)

You found sites that still need IE? Here in 2010?

If a site needs IE today, I don't need that particular site.

I needed it today to renew a Thawte certificate.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0)

Anonymous Coward | more than 4 years ago | (#31026678)

I'm in a similar boat. There are plenty of sites out there that not just require IE... and in this gimptastic job market, working for a place that requires IE is better than being out on the streets.

So far, the worst of the bunch not just required IE, but had a 5 megabyte Flash intro. When I asked the Web designer about it, he claimed that nobody could steal images from his site if everything was wrapped in a .swf file.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0, Troll)

petronije (1650685) | more than 4 years ago | (#31026920)

Psychology of "facebook generation" explains this behaviour - majority of people have the urge to show themselves (through pictures, texts, videos, etc.) to others.
This is also known as a form of exhibitionism. Makers of IE know that very well and use it to their advantage - by having peepholes in their products in order to gain popularity. The percentage of people using their products just proves the theory.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (2, Insightful)

LikwidCirkel (1542097) | more than 4 years ago | (#31026006)

If you give people a free car with houses, that "works" enough to get to A to B, then how many people will make the effort to get a different free car if they're not aware that there is anything wrong with the first one?

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0, Troll)

mcgrew (92797) | more than 4 years ago | (#31026316)

First, it's up to us to educate them. Second, if cars were free would you drive a Yugo or a Porsche?

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (2, Insightful)

c_sd_m (995261) | more than 4 years ago | (#31026364)

The OP's point was closer to "if Fords were free, how many people would bother to buy Hondas?"

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0)

Anonymous Coward | more than 4 years ago | (#31026416)

If you maintain a site, help people out. Code to the standards, and don't use any IE hacks.

First off you have just saved yourself time, and most IE users are too retarded to notice that the site is degraded; they probably can't even see most of your site under all the "tool bars" and pop-ups.
Secondly, if they see the site in someone else's browser, they will be curious as to why it looks like ass on their computer.

Congratulations. User educated.

ps. You have to make them understand that they are in the fucking ghetto before they will want out.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#31026694)

It doesn't work like that. There are billions of sites on the internet. If your site doesn't work with them, they go somewhere else. And it would be quite stupid to ignore a browser that holds the largest market share. Sad, but true.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31026294)

Because none of the browsers you listed are as easily configured enterprise wide as IE is with group policies.

Mod parent UP! (0)

Anonymous Coward | more than 4 years ago | (#31026478)

Mod parent UP!

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (2, Insightful)

sopssa (1498795) | more than 4 years ago | (#31026728)

Because none of the browsers you listed are as easily configured enterprise wide as IE is with group policies.

Exactly. This is a thing OSS developers usually miss. They develop primarily for home users or single users and have no idea how it works in work place, while MS understands a need for enterprise solutions.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (1, Redundant)

mlts (1038732) | more than 4 years ago | (#31026744)

Devil's advocate: The parent AC post stated one of the biggest reasons why IE is prevalent. The other is that IE is part of the OS. Because of this, it is already vetted by the legal eagles, the licensing bean counters, and the other muckety-mucks you find in larger companies. There is no need to get IE approved as part of an official corporate image, because it is present, like it or not. So, companies tend to use it because it is there, it has decent security on Vista and Windows 7 (especially combined with DEP), and can be controlled by GPOs.

Re:WHY THE FUCK DO PEOPLE STILL USE IE? (0)

Anonymous Coward | more than 4 years ago | (#31026912)

Try going to windows update without IE.
Try running protools with IE8

Re:*sigh* ... blame Netscape. (1)

maxume (22995) | more than 4 years ago | (#31026346)

IT WAS TIM BERNERS-LEE!

Micro$oft (2, Funny)

hellraizer (1689320) | more than 4 years ago | (#31025846)

it really whips the user's ass :)

Steam (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31025858)

Yet another reason for games to stop using IE as their built in patcher/notification/whatever. If you really need to display an HTML file, let the system display it with whatever the configured default is.

Re:Steam (5, Interesting)

legio_noctis (1411089) | more than 4 years ago | (#31026560)

Unfortunately, the thread asking for Webkit in Steam at http://forums.steampowered.com/forums/showthread.php?t=861863 [steampowered.com] demonstrates how clueless the average gamer is about standards etc.

Some choice quotations:

"ie is fine"

"I'd rather not have steam bloated with redundant tech right now."

"Also W3C != Web Standards, and IE aren't the only ones not complying with the "standards", Firefox didn't comply with all W3C published recommendations either.(Don't know if that's still the case) [...] Microsoft is a business, and they don't want to take the blame because of a third party's inability to properly design websites. That is their design goal, and as the W3C isn't enforceable, as it's not considered a standard"

"It works, it is secure and it isn't that slow"

"IE is fine, and so was Windows 98."

"there is nothing wrong with the day-to-day performance of Trident."

Re:Steam (2, Informative)

sopssa (1498795) | more than 4 years ago | (#31026904)

Well to be fair, they are somewhat correct. While I don't like the clunky browsing within Steam or the in-game overlay, switching over to other engine would be a lot of work and testing to Valve and could create even more problems to users. And that's all while the browser component is a side thing.

For example IE and its embedded component is supported on all versions of Windows. If Steam were to integrate their own browsing engine, they would have to make sure it works for 100% of users and they would have to maintain it. IE works in all situations as long as it already works for the user (which is pretty much every case) and the component gets updated along when user updates IE.

While I myself care a lot about standards, I don't see why an average gamer would do so. It already works well enough and is stable, so there's little to gain over the amount of added work it would put on Valve. I'm not even sure if any browser engine including Webkit can draw on DirectX surface anyway - they would have to draw the window contents to bitmap -> transfer to texture -> draw on DX surface anyway.

This is bad. (5, Insightful)

Buelldozer (713671) | more than 4 years ago | (#31025860)

When you go to my website I know what the cookie name is and I know the default file system location for that cookie. This one seems pretty bad.

Re:This is bad. (0)

Z34107 (925136) | more than 4 years ago | (#31026054)

So, this flaw would let you read that cookie. Which I'm pretty sure you can do without hacking.

I was going to mod you +1, Funny, but I was worried you were serious. ^_^

Re:This is bad. (1)

Buelldozer (713671) | more than 4 years ago | (#31026146)

I was serious. :-D

I'm not a programmer nor a webmaster so this stuff is a bit opaque for me.

However, now that I know your computer is vulnerable (by using this method to access my own cookie) what would prevent me from going on a fishing trip for other cookies? Say...ones from your bank, or Amazon, or other high value websites?

Package that up into a script and you could probably scan for 1,000 different cookies in the time it took you to read my post.

Re:This is bad. (2, Insightful)

Z34107 (925136) | more than 4 years ago | (#31026354)

Package that up into a script and you could probably scan for 1,000 different cookies in the time it took you to read my post.

Definitely! Reading everyone else's cookie is much more interesting than using an exploit to read your own cookies! :P

Re:This is bad. (0)

Anonymous Coward | more than 4 years ago | (#31026692)

Package that up into a script and you could probably scan for 1,000 different cookies in the time it took you to read my post.

And then what would you have? Do you even know?

Re:This is bad. (2, Funny)

Pastis (145655) | more than 4 years ago | (#31026818)

1000 cookies! Fast way to a diet !

Re:This is bad. (1)

FlyingBishop (1293238) | more than 4 years ago | (#31026870)

1. Look at what tax-preparation websites the user has visited.
2. You can easily determine where all of the two or three American tax agencies store tax info. Look there. You'll net probably 50% of your targets.

As long as you're rooting around, might as well scan for any files named /password.*/, and send them back to control, along with a list of all sites with cookies.

I wonder... (5, Insightful)

Ismene (680764) | more than 4 years ago | (#31025868)

I wonder how many people have a "passwords.txt" file in their Documents. ;-)

Re:I wonder... (5, Funny)

byrdfl3w (1193387) | more than 4 years ago | (#31026010)

Whew! Thanks! I deleted all my password.txt files before some nasty hacker got to me.
Now I gotta tell my friends about this! Hold on while I log..

Oh crap.

Flawed (4, Insightful)

mcgrew (92797) | more than 4 years ago | (#31025874)

an attacker may be able to access files with an already known filename and location

One more reason not to keep your files in "My Documents". That part is easily guessed; "2009 Income Tax Returns" would be easy to guess as well.

"Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008," it said.

Does XP have a protected mode? That's the version of Windows most people use IINM. Is this a ploy to get people to upgrade from XP?

Microsoft hasn't seen any attacks that exploit the flaw and has yet to decide whether to repair the flaw through its monthly security patch release cycle or an urgent, out-of-cycle update.

Has yet to decide whether to repair it? Hmmm... Ok, they're trying to decide when to. How about doing what every other browser company does and give us the patch NOW?

Re:Flawed (3, Insightful)

radish (98371) | more than 4 years ago | (#31026032)

Is this a ploy to get people to upgrade from XP?

I'd say it's (yet another) reason to stop using a 9 year old OS. How many of the major linux distros still support versions that old? How many people would recommend continuing to run a version that old?

Re:Flawed (1)

Seth Kriticos (1227934) | more than 4 years ago | (#31026110)

I have to agree. I'm open for 4-5 years of long term support for server OS's and very stable versions, but 9 years is just ridiculous.. well, would be normally, but there was not much option after XP for a long while and then came Vista.. go figure.

Re:Flawed (1)

maxume (22995) | more than 4 years ago | (#31026392)

It isn't completely unreasonable to start that clock at the release of the most recent service pack.

Re:Flawed (1)

mcgrew (92797) | more than 4 years ago | (#31026498)

How many of the major linux distros still support versions that old?

We don't have to as it's free, but there would be a lot more if Linux cost $500 ($100 for a "home version" upgrade) like Windows does. Lots of people don't even pay $500 for their computer.

Re:Flawed (0, Troll)

Joey Vegetables (686525) | more than 4 years ago | (#31026782)

Price is not the only reason people prefer Free as in Freedom. I for one would rather pay $500 for Linux than to use Windows at no cost, even if Windows were better suited to my needs than Linux rather than the other way around. Freedom is what matters most to me, not price. Freedom doesn't guarantee that there won't be problems, but it does guarantee that you and your data will not be held hostage by them. Likewise it doesn't guarantee perfect security, but it does mean that security problems can, and very likely will, be found and fixed.

Re:Flawed (1)

Antiocheian (859870) | more than 4 years ago | (#31026866)

Actually it's a reason to stop using a 14-year old browser-OS embedding approach, insecure by design, and switch to Firefox, whatever the operating system. That's the best way to keep you secure on the web.

As for the OS, use the fastest and combine it with a good antivirus and a HIPS firewall.

Which is the fastest OS ?

Re:Flawed (1)

notseamus (1295248) | more than 4 years ago | (#31026102)

I can see this being a big problem for business users too.

We issue all files to external parties as pdfs/dwfs so they're basically read only, but there's a tracker reference for internal use which is on this, and I've seen this a lot before too, so I imagine that it could expose something that is supposed to be locked away for contractual reasons to being accessed, modified and distributed.

We also use XP, some essential software can't handle 64 bit XP, never mind Win 7, so we're stuck here for a while at least (or until Microsoft stops supporting XP, and everyone is forced to switch. The sooner the better).

Re:Flawed (1)

Dracos (107777) | more than 4 years ago | (#31026154)

Well, what blackhat could pass up easy access to anything in C:\WINNT\system32, or the paging file, or any other critical file, from the web?

Re:Flawed (2, Informative)

Anonymous Coward | more than 4 years ago | (#31026162)

> Has yet to decide whether to repair it?

No, has yet to decide whether to repair it now or wait until Patch Tuesday.

There are plenty of legitimate reasons to criticise Microsoft (like leaving things unpatched until Patch Tuesday) but misinterpreting their statements doesn't help anybody.

Re:Flawed (0)

Anonymous Coward | more than 4 years ago | (#31026204)

XP doesn't have protected mode. It's part of Vista's vastly improved security model. It's part of UAC (though sometimes on slashdot UAC is taken to mean just the UAC privilege-escalation prompt). It's pretty much the most fundamental difference between XP and later versions.

Re:Flawed (1)

Velorium (1068080) | more than 4 years ago | (#31026222)

No kidding. What's there to decide? If you have it ready and it's something as big as this, just release it. I really don't understand.

Re:Flawed (1)

rdavidson3 (844790) | more than 4 years ago | (#31026248)

One more reason not to keep your files in "My Documents".

Problem with that logic on windows 7 is that "My documents" are stored in the "c:\users\xxxxxx\Documents" folder. Now the hacker needs to figure out what the xxxxx is.

Maybe this is different under windows 7 (or any other version) when the computer is not on a domain.

Re:Flawed (3, Insightful)

Leynos (172919) | more than 4 years ago | (#31026384)

C:\users\%USERNAME%\Documents anyone?

Re:Flawed (1)

rdavidson3 (844790) | more than 4 years ago | (#31026408)

Good point. Mod the parent up for it.

Re:Flawed (1)

Tikkun (992269) | more than 4 years ago | (#31026430)

1. Open Windows Explorer.

2. Enter "%homepath%\Documents" into the address bar and press enter.

3. Profit!

Re:Flawed (1)

maxume (22995) | more than 4 years ago | (#31026482)

On XP, cookies are stored in "C:\Documents and Settings\xxxxx\Cookies", so if the path to a cookie can be read, xxxxx is pretty trivial to determine.

Re:Flawed (0)

Anonymous Coward | more than 4 years ago | (#31026554)

%USERPROFILE%\Documents would get you there.

Re:Flawed (1)

thePowerOfGrayskull (905905) | more than 4 years ago | (#31026754)

No, it's the same back to Win2000. But still - you've got a better-than-fair chance of success if you run a series of values like "john", "pete" for XXX and "password.txt" for the file name.

Re:Flawed (1)

natehoy (1608657) | more than 4 years ago | (#31026770)

Actually, in Windows XP, it's C:\Documents and Settings\(username)\My Documents. That's true whether you are on a domain or not. So that is certainly a mitigating factor even back in XP, because a remote attacker is unlikely to know (username).

However, that's not the case on some machines. The default install from most manufacturers is one preinstalled user, who is Admin, with a default username set by the manufacturer. Dell uses "Default" for this, last I knew. So a lot of people are still vulnerable to this. And the most vulnerable to it are going to be the ones who know the least about how to prevent it.

They get their Dell, never see a login, are never aware that their username on the machine is "Default", are never aware that Internet Explorer is not the only web browser or why they should take the trouble to switch, and they use the preinstalled Quicken or MS Money to do their checkbooks. C:\Documents and Settings\Default\My Documents\Quicken\Quicken.qw (or whatever the default filename and extension is for saved Quicken files) would probably get a readable result from around 1% of machines out there, at a guess.

Re:Flawed (1)

Z34107 (925136) | more than 4 years ago | (#31026480)

You might not even have to guess the tax-returns folder. I wonder if you could iterate through all possible files/paths inside My Documents and brute-force a listing.

Re:Flawed (1)

Carnildo (712617) | more than 4 years ago | (#31026834)

I wonder if you could iterate through all possible files/paths inside My Documents and brute-force a listing.

It's possible but not practical. A decade ago I did this as part of a proof-of-concept virus; iterating through all possible 8.3 filenames would have taken just under a century.

financial information vulnerable (4, Funny)

commodoresloat (172735) | more than 4 years ago | (#31026580)

That part is easily guessed; "2009 Income Tax Returns" would be easy to guess as well.

Oh shit ... hackers can find out how broke I really am!!

Re:Flawed (1)

grcumb (781340) | more than 4 years ago | (#31026698)

an attacker may be able to access files with an already known filename and location

One more reason not to keep your files in "My Documents". That part is easily guessed; "2009 Income Tax Returns" would be easy to guess as well.

I'd be more concerned about the accessibility of files like Normal.dot - the default MS Word template. Stick an autoexec macro in there, and you'll learn quite a bit about the system.

Understanding Protected Mode (1)

Bacon Bits (926911) | more than 4 years ago | (#31026706)

Protected Mode is the "sandbox" feature present in IE7 and IE8. It uses UAC that's in both Vista and 7 to run in an even more limited fashion, but not in XP. If you've got UAC disabled, you're not running Protected Mode and you're vulnerable. There are other [mydigitallife.info] ways which Protected Mode can be disabled.

It's best to check out the blog entry on the MSRC [technet.com] and the Knowledge Base article [microsoft.com].

We now return to your regularly scheduled Microsoft bashing and Linux referrals already in progress.
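
Added example, not part of the thread or of Microsoft's advisory: a PowerShell check of the two conditions the comment above names, whether UAC is on and whether Protected Mode is enabled in each IE security zone. The registry paths, the `2500` value name and its 0/3 meanings are this example's assumptions about where Windows stores these settings; run it as the user whose browser is being audited.

```powershell
# Added example (not from the thread): audit UAC and IE Protected Mode settings.
# Assumed registry layout: zone settings live under ...\Internet Settings\Zones\<n>,
# value "2500" is the Protected Mode switch (0 = enabled, 3 = disabled), and
# EnableLUA = 0 under Policies\System means UAC is turned off.

$ZoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Every place a per-zone value can come from; all are reported, none is assumed to win.
$ZoneRoots = @(
    @('Machine policy',  'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'),
    @('User policy',     'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'),
    @('User preference', 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones')
)

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param([string]$Check, [string]$Source, [string]$State)
    New-Object PSObject -Property @{ Check = $Check; Source = $Source; State = $State } |
        Select-Object Check, Source, State
}

function Get-IEProtectedModeReport {
    # XP and earlier (NT major version below 6) have no Protected Mode to check.
    if ([Environment]::OSVersion.Version.Major -lt 6) {
        New-Finding 'Operating system' '-' 'NO PROTECTED MODE (pre-Vista Windows)'
        return
    }

    # Protected Mode depends on UAC, so report that first.
    $uac = Get-RegistryDword 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    if ($null -eq $uac)   { $uacState = 'not set' }
    elseif ($uac -eq 0)   { $uacState = 'DISABLED (Protected Mode cannot run)' }
    else                  { $uacState = 'enabled' }
    New-Finding 'UAC (EnableLUA)' 'HKLM' $uacState

    foreach ($zone in 1..4) {
        $found = $false
        foreach ($root in $ZoneRoots) {
            $value = Get-RegistryDword ("{0}\{1}" -f $root[1], $zone) '2500'
            if ($null -eq $value) { continue }
            $found = $true
            switch ($value) {
                0       { $state = 'Protected Mode enabled' }
                3       { $state = 'Protected Mode DISABLED' }
                default { $state = "unrecognised value $value" }
            }
            New-Finding ("Zone {0} ({1})" -f $zone, $ZoneNames[$zone]) $root[0] $state
        }
        if (-not $found) {
            New-Finding ("Zone {0} ({1})" -f $zone, $ZoneNames[$zone]) '-' 'not set (IE default applies)'
        }
    }
}

Get-IEProtectedModeReport | Format-Table -AutoSize
```

Any row reading DISABLED marks a configuration that, per the advisory quoted in the story, is not covered by Protected Mode.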

Re:Flawed (1)

mlts (1038732) | more than 4 years ago | (#31026788)

XP does not have a protected mode. The next best thing would be to run a virtual machine utility and browse in that. Then when done browsing, close the VM and have all changes rolled back to the previous snapshot. If you want bookmarks preserved, put that directory on another virtual drive that keeps its state (and doesn't get rolled back like the system.)

Barring running in a VM, you can create a non-admin user in XP, switch to that for your Web browsing, and only use that user for browsing. Your sensitive documents and such would remain on your main user.

c:\Windows\System32\ (3, Insightful)

LikwidCirkel (1542097) | more than 4 years ago | (#31025884)

Hmm.. the most obvious predictable file names are conveniently the most dangerous for someone to have access to.

Re:c:\Windows\System32\ (2, Insightful)

hellraizer (1689320) | more than 4 years ago | (#31025940)

hijacking dns through hosts.txt has never been as easy :D

Re:c:\Windows\System32\ (3, Informative)

radish (98371) | more than 4 years ago | (#31025998)

Except as far as I can tell from the advisory, the files are read only.

Re:c:\Windows\System32\ (2, Interesting)

pipatron (966506) | more than 4 years ago | (#31026026)

Actually, a very important distinction of the word "access" was not mentioned. This flaw only seems to give read access to the files, so you cannot just modify any file you wish.

It's still a major security flaw, of course, but will be slightly more difficult to exploit. It's great for targeted phishing though. You'll be able to find out a lot about the target.

Re:c:\Windows\System32\ (3, Insightful)

hawaiian717 (559933) | more than 4 years ago | (#31026148)

C:\windows\system32\config\sam

Read-only access is all you need...

Re:c:\Windows\System32\ (0)

Anonymous Coward | more than 4 years ago | (#31026906)

I thought most people's Windows passwords were stupid shit like 12345 and vastly different than their real password.

Re:c:\Windows\System32\ (0)

Anonymous Coward | more than 4 years ago | (#31025964)

That's why I install the Windows OS on my Z drive.

Re:c:\Windows\System32\ (1)

Z34107 (925136) | more than 4 years ago | (#31026322)

That's why I install the Windows OS on my Z drive.

Then you're running a vulnerable operating system. For compatibility with brittle programs, Vista and 7 label whatever drive they booted from "C."

Re:c:\Windows\System32\ (3, Interesting)

eln (21727) | more than 4 years ago | (#31025992)

The article seems to suggest (although does not explicitly state) that the hacker would be able to read the files, not overwrite them. If that's the case, I don't see why the System32 directory would be that important, unless you keep secret data embedded in your system binaries.

Re:c:\Windows\System32\ (3, Insightful)

WillAffleckUW (858324) | more than 4 years ago | (#31026350)

yeah, it's not like there are stored connection strings to databases ... um ...

CVE-2010-0255 (2, Informative)

Anonymous Coward | more than 4 years ago | (#31025908)

Core Security Advisory FTW [coresecurity.com]

Holy Flashback, Batman?! (1, Offtopic)

creimer (824291) | more than 4 years ago | (#31025990)

The last time I dealt with "protected mode" on an 80286 [wikipedia.org] CPU when DOS ruled the world. I had an ISA memory card that could page memory above the 1024K limit for applications or as a RAM drive.

Re:Holy Flashback, Batman?! (1)

Cro Magnon (467622) | more than 4 years ago | (#31026242)

My first thought when I saw "Protected Mode" was that anyone who is still using an 8088 deserves to get pwned.

Re:Holy Flashback, Batman?! (1)

maxume (22995) | more than 4 years ago | (#31026296)

Every modern OS that runs on an x86 runs in protected mode.

But this is something else (A sandbox present in Vista and later versions of Windows).

Re:Holy Flashback, Batman?! (2, Informative)

Z34107 (925136) | more than 4 years ago | (#31026636)

"Protected mode" is a marketing term meaning IE takes advantage of Vista's new permissions model. It means it's a low-privilege process and has most of its file system access effectively jailed or redirected.

Long-winded article here [microsoft.com], but I'm guessing the hack doesn't work in "Protected Mode" because the browser itself doesn't have much file system access.

my documents, downloads, photos, (1)

revboden (1736848) | more than 4 years ago | (#31025996)

Huh... what folder names are on almost all MS machines?.. yea that's a hard one

You mean like (2, Insightful)

deliciousmonster (712224) | more than 4 years ago | (#31026044)

c:\windows\system\kernel32.dll?

Re:You mean like (0)

Anonymous Coward | more than 4 years ago | (#31026078)

I'd like to see what benefit reading that would have to an attacker. I'd also like to see you try to delete it or overwrite it even with full admin access rights. Somehow, I suspect it won't work.

So that... (0)

Anonymous Coward | more than 4 years ago | (#31026052)

... is how online virus scanners work. They know the name of all default install files on my pc. I wonder how they work when browser is firefox running on linux? And what do they find?

I'm really getting sick of this excuse (4, Insightful)

apparently (756613) | more than 4 years ago | (#31026076)

"The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

Good thing no one knows to look for: "%USERPROFILE%\My Documents\Quicken\qdata.qdf"

Modifying hosts.txt (2, Insightful)

Jorl17 (1716772) | more than 4 years ago | (#31026108)

Modifying hosts.txt could be one of the biggest issues with this one. And yet, it's just another flaw much like there are hundreds of others in any browser.

Re:Modifying hosts.txt (2, Informative)

natehoy (1608657) | more than 4 years ago | (#31026464)

Actually, the security advisory describes the attack, and while the remote attacker would have access to any file the local user does, it does not appear the file could be altered, just copied or examined. The security bulletin never lays this out in uncertain terms, but the description of the actual process looks like a read-only one.

Given that Windows usually stores important stuff in c:\Documents and Settings\(username)\blahblah, the remote attacker would have to know (username) before they could get to the juicy stuff. And that's just not all that practical in a remote attack scenario. Most of the truly known paths just don't contain a lot of common filenames that are unique and contain important data.

Still, Protected mode in Vista and above protects you, and the bulletin shows a workaround for Windows XP (set the file:// protocol so it can't run ActiveX even locally).

And there's always a better browser, which would be defined pretty much as anything without ActiveX. But that's a given.

Re:Modifying hosts.txt (1)

Jorl17 (1716772) | more than 4 years ago | (#31026508)

You are correct and I should be shot ;) Either way, other flaws which allow this are equally dangerous.

WinNix (1)

zerointeger (1587877) | more than 4 years ago | (#31026144)

NEW IMPROVED SECURITY IN WINDOWS VERSION 99999!!! *Slipped in a BSD *nix based OS under our fancy gui*

Re:WinNix (0)

Anonymous Coward | more than 4 years ago | (#31026226)

That joke was never funny, and gets less so with each retelling.

Only under certain circumstances. (4, Funny)

140Mandak262Jamuna (970587) | more than 4 years ago | (#31026218)

There is nothing to see here folks, move on. The bug kicks in only under certain circumstances. The circumstances are apparently running a Windows system with Internet Explorer as the default browser. Come on, how many slashdotters do that?

Re:Only under certain circumstances. (1)

mcgrew (92797) | more than 4 years ago | (#31026462)

The circumstances are apparently running a Windows system with Internet Explorer as the default browser. Come on, how many slashdotters do that?

I'd say close to 100% of the people who work for Microsoft, all of whom I'd guess are on slashdot.

Re:Only under certain circumstances. (1)

natehoy (1608657) | more than 4 years ago | (#31026840)

Right, but they are all running Windows 7.

My company runs XP, and provides IE6 by default. So did my last two companies. Not that I use IE for anything but the Intranet, but most people still use it for all their browsing needs.

Windows.edb = windows search index (5, Interesting)

electrogeist (1345919) | more than 4 years ago | (#31026330)

If they grab the windows search index file then they'd have a map to everything else?

get \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (vista)
or \All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (xp)

and http://www.simplecarver.com/tool.php?toolname=Windows Search Index Extractor

My filenames: (1)

stimpleton (732392) | more than 4 years ago | (#31026332)

I have Tourette's. This manifests in two situations, when ordering at a drive-thru and, oddly, when coming up with a file name. I think I am safe from this attack: whoreShitSlittySlutFuckCrevice.rtf

Re:My filenames: (1)

dtolman (688781) | more than 4 years ago | (#31026900)

Uh oh - I have the exact same filename. Best to change them to some really unguessable (and horrific) file names: MyLittlePonyRules.rtf, IHeartStrawberryShortcake.xls, MadeleineAlbrightNaked.jpeg

Note to self: buy iPad soonest (1)

WillAffleckUW (858324) | more than 4 years ago | (#31026334)

Hmmm. Looks like I might have to buy an iPad sooner than I was expecting.

Re:Note to self: buy iPad soonest (1)

ColdWetDog (752185) | more than 4 years ago | (#31026716)

That time of ....

Sorry, never mind.

Firefox Mode (2, Funny)

markalot (67322) | more than 4 years ago | (#31026352)

I run IE in Firefox mode, so I think I'm protected. ;)

In other news (1)

Com2Kid (142006) | more than 4 years ago | (#31026382)

If you purposefully disable security features, you become more vulnerable to security exploits!

Duh.

Question (1)

ShooterNeo (555040) | more than 4 years ago | (#31026470)

Couldn't you access some kind of index file that would allow you to find everything else? Or are those files too low level for it to be accessed this way?

Re:Question (1)

electrogeist (1345919) | more than 4 years ago | (#31026608)

That's what I was thinking...
http://tech.slashdot.org/comments.pl?sid=1537550&cid=31026330

Known file names? (1)

WoodenTable (1434059) | more than 4 years ago | (#31026514)

Hmmm. Does that mean I should rename the passwords.txt file I have on my desktop? Maybe something like kittens.txt? That sounds more secure to me. What do you think?

Hmm, how about the document search index? (2, Insightful)

Jason Pollock (45537) | more than 4 years ago | (#31026648)

Because there isn't an easily found, well known file that is a handy index of all of the files on your system:

\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb

http://en.wikipedia.org/wiki/Windows_Search

You mean like... (3, Interesting)

Sfing_ter (99478) | more than 4 years ago | (#31026658)

You mean like...
C:\users\%username%\AppData\Local\Microsoft\Outlook\outlook.pst?
hmmm...??? like that?

I can see it coming.... (2, Funny)

Asadullah Ahmad (1608869) | more than 4 years ago | (#31026700)

If things keep going like this regarding Microsoft and clever words, pretty soon this will be on Slashdot:

"Microsoft has announced that it is investigating a vulnerability in IE where an attacker can gain access to customer's computer if they are connected to Internet. But as all versions of Windows do not have internet access by default, most users are not vulnerable"
