×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Netflix Users In Danger of Unknowingly Picking Up Malware

Unknown Lamer posted about 5 months ago | from the perils-of-deprecated-proprietary-software dept.

Bug 153

An anonymous reader writes "Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements." You'd think something like Silverlight would automatically upgrade itself.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

153 comments

Automatic upgrade (5, Informative)

Mr_Silver (213637) | about 5 months ago | (#45461411)

You'd think something like Silverlight would automatically upgrade itself.

It will, assuming that it's given a critical priority within Windows Update and the user has their machine set up to automatically download and install updates.

Come on, this is basic Windows stuff. Can we get someone on the Slashdot staff that has actually some experience of the operating system in use by 96% of the population please?

Re:Automatic upgrade (5, Informative)

DaHat (247651) | about 5 months ago | (#45461433)

If one looks at the link to CVE-2013-0634, there is a link to a MS Security Bulletin [microsoft.com] first posted in March 2013 & last updated in April... even saying:

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

Way to go editors... this bug was reported & fixed 7 months ago and only now are we to get paranoid over what it could do if Windows Update isn't enabled? sheesh

Re:Automatic upgrade (5, Funny)

Anonymous Coward | about 5 months ago | (#45461493)

But the headline, it's so scary. Netflix users BEWARE! There be DRAGONS ahead. Boo!

Re:Automatic upgrade (4, Funny)

TWiTfan (2887093) | about 5 months ago | (#45462503)

I hear you can get pregnant just by watching Netflix on an unpatched computer!

Re:Automatic upgrade (1)

The Grim Reefer (1162755) | about 5 months ago | (#45463115)

I hear you can get pregnant just by watching Netflix on an unpatched computer!

I don't know about that. But I did notice that ever since Silverlight got into my house the glue has disappeared from the bindings in all of my books. I thought it was a coincidence. But upon further consideration, I seem to be watching more movies from Netflix since the pages of my books keep falling out faster than I can read them.

Re:Automatic upgrade (1)

g0bshiTe (596213) | about 5 months ago | (#45462891)

I'm too lazy to RTFA, where exactly did Netflix come into play? Is my Roku running silverlight? As far as I know I don't have silverlight running on any of my devices.

Re:Automatic upgrade (1)

SQLGuru (980662) | about 5 months ago | (#45463427)

Just more FUD. Netflix is just one of the biggest reasons that people have Silverlight installed. Therefore, Netflix is the reason that you are vulnerable.

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45464141)

It's not netflix related at all, the OP is a douchebag sensationlist. This is known and patched Silverlight bug.

Re:Automatic upgrade (1)

jedidiah (1196) | about 5 months ago | (#45464249)

> It's not netflix related at all, the OP is a douchebag sensationlist. This is known and patched Silverlight bug.

Netflix is probably the ONLY example of a Silverlight dependent website that any of us can think of.

If not for Netflix, this bug would be totally irrelevant to most people.

Hey come on, gotta hate on MS! (5, Insightful)

Sycraft-fu (314770) | about 5 months ago | (#45461621)

I mean if some random shit "security blog" posts a trumped up story to try and get traffic, it is Slashdot's DUTY to repeat it here, with no checking or verification! After all, better everyone is scared of their own shadow than informed about security.

Seriously this is just pathetic. As I said: This is some random ass site that is trying to get people to come and read, and it worked. By making a scare story about how Netlfix users on Windows are vulnerable they managed to get some Linux fanboy to submit the story to Slashdot. The editors then did what they do, which is to say NOT EDIT and just posted it. Great success for shit site, they now got a bunch of undeserved traffic.

What is sadder is how uninformed this makes all involved look. the statement of "You'd think something like Silverlight would automatically upgrade itself." Yes, it DOES you fucking moron. One thing you have to give MS is that Windows update will patch all their stuff for you. Let it do its thing and you get security updates, as they are released. You don't need to pay attention or anything, it'll just happen. This includes things not installed by default like Silverlight, or older versions of the .NET runtimes.

This is just a massive pile of fail. It is not news, not even really old news. There was a bug, they patched it. This would be "how shit works", or at least how it should.

Re:Hey come on, gotta hate on MS! (4, Funny)

ApplePy (2703131) | about 5 months ago | (#45461819)

That's ridiculous. How would it automatically update itself? Windows doesn't even have the basic tools for it, like apt and cron!

Re:Hey come on, gotta hate on MS! (2)

camperdave (969942) | about 5 months ago | (#45462167)

Windows can do some scary stuff. My laptop BIOS does not have the ability to set a time to wake the machine. Yet for weeks I would find the laptop had gone from a completely powered off state to a completely drained battery overnight while sitting in my backpack. When I turned off the automatic update feature of Windows, the mysterious behaviour stopped. Somehow, Windows would power up the laptop in the middle of the night, and it would sit at a GRUB prompt until the batteries were drained.

Re: Hey come on, gotta hate on MS! (2)

jrumney (197329) | about 5 months ago | (#45462201)

I remember when Intel added power on timers to the BIOS specification and released some software for configuring it. I think I was using a 386DX40 desktop at the time I tested it out. Your BIOS has the feature even if it doesn't expose it in the BIOS setup UI. Its the kind of feature that doesn't make sense as a standalone feature so its provided more for the OS to use.

Re:Hey come on, gotta hate on MS! (1)

LordLimecat (1103839) | about 5 months ago | (#45463749)

Windows cant power the laptop up. Something else is at work-- probably a BIOS setting to power your laptop on when power is restored (power outage / power comes back, computer will boot up).

Stop and consider basic Operating Systems 101: The OS cannot run unless it is loaded into memory, and the CPU is active. If it isnt loaded into memory and the CPU isnt active, "windows" cant do anything.

Re:Hey come on, gotta hate on MS! (1)

ColdWetDog (752185) | about 5 months ago | (#45463863)

That's from the trolls. They hide underneath the BIOS and wake everybody up at 3:00 AM (because they're trolls).

It's what you get for hanging around here.....

Re:Hey come on, gotta hate on MS! (1)

Deathlizard (115856) | about 5 months ago | (#45462651)

This is nothing compared to the .Net Firefox plugin [slashdot.org]

If Slashdot put as much effort in denouncing that plugin into Actual malicious plugins like Conduit, Dealio and the like, the world would be a better place.

Re:Hey come on, gotta hate on MS! (1)

g0bshiTe (596213) | about 5 months ago | (#45462933)

Any administrator worth their weight doesn't let MS be rogue and update itself. You never know when KB-OMGWTFISTHIS will be incompatible with Driver_l()()t_d()()d.

Re:Hey come on, gotta hate on MS! (1)

LordLimecat (1103839) | about 5 months ago | (#45463843)

Epic troll fail. Anyone whose done any sort of systems admin knows that Windows update is probably the LEAST likely of system updaters to cause problems.

Another explanation (1)

Zontar_Thing_From_Ve (949321) | about 5 months ago | (#45463165)

I mean if some random shit "security blog" posts a trumped up story to try and get traffic, it is Slashdot's DUTY to repeat it here, with no checking or verification! After all, better everyone is scared of their own shadow than informed about security.

Well, around here there is a massive reading comprehension fail in submitters so that may be a big part of this submission. For example, if someone somewhere writes an article that says basically "Not X. Definitely not X. It may be A-W, Y or Z but it's definitely not X. Anything but X." then the submitter will post and scream "X! They said it was X! The sky is falling! It's X!!!". It does get old.

Re:Hey come on, gotta hate on MS! (0)

Anonymous Coward | about 5 months ago | (#45463887)

I turned that off when the a patch destroyed my wireless drivers.

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45462237)

Way to go editors... this bug was reported & fixed 7 months ago and only now are we to get paranoid over what it could do if Windows Update isn't enabled? sheesh

Well, i had my automatic updates disabled because security and privacy issues, they where a way of infection with NSAs mallware unsolicited code... and a way to constanly monitor my position in the network (Joke) ;-P

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45462397)

Yea, let's make everyone paranoid over this. If I was Netflix I would be upset about they way this is worded. Its not like Netflix has any malware associated with it.
Just because they use Silverlight they are the problem? Microsoft and plenty other sites used Silverlight too? Why mention only Netflix?

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45462863)

I have Windows Update active, just last week I received several updates.

Yet, when I check Firefox plugins, I find Silverlight there (though I never installed it in Firefox, what kind of malware is this?), and it is listed as vulnerable.

Re:Automatic upgrade (1)

phorm (591458) | about 5 months ago | (#45464303)

Not only that, but every now and then when I access Netflix with an older Silverlight version, it *does* prompt me to upgrade. This includes on Mac and older WinXP systems.

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45461873)

You'd think something like Silverlight would automatically upgrade itself.

It will, assuming that it's given a critical priority within Windows Update and the user has their machine set up to automatically download and install updates.

Come on, this is basic Windows stuff. Can we get someone on the Slashdot staff that has actually some experience of the operating system in use by 96% of the population please?

I believe he was referring to Adobes rather (non-unique and very common) ability to upgrade itself, without the constraints or reliance upon yet another updater, even if we're talking about THE updater for Windows. Seems thousands of other programs stand on their own.

Come on, this is basic computer stuff. Can we get someone at Redmond to understand that obviously Windows Update is not the end-all-be-all to security in the operating system in use by 96% of the population please?

Re:Automatic upgrade (1)

hairyfeet (841228) | about 5 months ago | (#45462269)

What do you expect, most of the MSFT bashing here is based on shit that ended with XP. As someone who works on Windows systems 6 days a week i can say that a modern Windows system (Vista on up) with automatic updates and a browser that recognizes low rights mode (IE or any Chromium based) is one tough nut to crack, in fact the only infections I see with any regularity are ones where the writer used social engineering to get the user to bypass the OS security. Sadly no matter how well MSFT hardens the OS you can't fix PEBKAC as those million infected Android devices can attest to.

As for TFA no matter what the security risk I'd GLADLY take SL and Flash over the fucking trainwreck that is HTML V5! Sure having a plug in may not be the most "elegant" way to do things but ya know what? At least it doesn't gobble down RAM and CPU like a fat guy at an all you can eat buffet! While I'd be the first to admit that we could and should be able to do better than Flash and SL I'm sorry but HTML V5 isn't the way, measure it any way you like and you'll find it scores WORSE than Flash and SL by a long shot, RAM, CPU, hell if the mobile device doesn't have hardware acceleration for H.264 all you are gonna get is a slideshow.

Re:Automatic upgrade (1)

g0bshiTe (596213) | about 5 months ago | (#45463095)

Switch to *nix, instead of fixing them 6 days a week they work.

Kidding, kidding before you decry me as a *nix zealot though I do use it regularly, I find that neither OS is 1 size fits all. There are things I love in nix and things I love in Windows barring Windows 8 of course. I never let it update without looking over what it wants to push.

And you are right since MS isolated Session0 it has been much tougher for me to find a compromised system on my network as long as users don't run with elevated privies. If an infection does get it, blow out the user account recreate and a reboot and it's clean.

Re:Automatic upgrade (0)

Anonymous Coward | about 5 months ago | (#45462381)

Yea, they push Bing toolbar and Bing desktop and even make IE a priority update but cannot update Silverlight? Luckily many sites that use Silverlight do prompt you if your running a older version. I know my Silverlight has a automatic update enabled. So maybe it updates in the background? I know I never get any prompts to install them.

George Zimmerman (-1)

Anonymous Coward | about 5 months ago | (#45461413)

George Zimmerman is always unknowingly defending himself against unarmed women and children.

What another brave example of self defense this negro-killer did when he shoved his girlfirend out of her own house after pointing a gun at her.

Republicans are right to praise this negro-killer for his brave self defense.

Re:George Zimmerman (-1)

Anonymous Coward | about 5 months ago | (#45461693)

And Democrats are right to praise Obama for the Affordable Care Act which will end up killing and driving into bankruptcy millions.

Silverlight *does* patch automatically ... (5, Informative)

cdrnet (1582149) | about 5 months ago | (#45461423)

From the related MS13-022 security bulletin: "Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. "

Unless you're one of those "smart" people that use windows but disable windows update ...

Re:Silverlight *does* patch automatically ... (5, Funny)

Anonymous Coward | about 5 months ago | (#45461481)

Unless you're one of those "smart" people that use windows

I usually take the stairs or the elevator, but I guess if you're in a hurry....

Re:Silverlight *does* patch automatically ... (0)

Anonymous Coward | about 5 months ago | (#45462377)

Unless you're one of those "smart" people that use windows

I usually take the stairs or the elevator, but I guess if you're in a hurry....

Smart people go to boot camp, because then you go through the window, but only when using OS X... because we all know that cats always land on their feet.

Re:Silverlight *does* patch automatically ... (1)

Anonymous Coward | about 5 months ago | (#45461567)

Or one of those corporate people with a managed desktop where you can't install your own patches and don't get anything that your IT department don't deem "ultra-critical" because they'd rather avoid any testing or issues with updating a browser plugin that's not relevant to your job. The last place I worked was usually about a month behind on patches while we deployed them to testing groups, and some of the "peripheral" stuff like patches for Silverlight, driver updates, etc would just be ignored altogether. And because we were using SCCM for patch management, the actual Windows Update services were forced off.

Re:Silverlight *does* patch automatically ... (0)

Anonymous Coward | about 5 months ago | (#45461735)

I'd be surprised they had Silverlight at all. It isn't installed by default, nor needed normally.

Re:Silverlight *does* patch automatically ... (0)

Anonymous Coward | about 5 months ago | (#45461829)

We did, although I never looked into how it got there. Given that we deployed desktops via SCCM task sequences, it's definitely possible that it was put in by a step in the TS rather than as a core part of Windows.

Re: Silverlight *does* patch automatically ... (0)

Anonymous Coward | about 5 months ago | (#45462223)

A month behind? My PC still has IE9 because our IT department are still trying to make the intranet site work with IE7 and are panicking about employees PCs getting too far ahead of them.

Re:Silverlight *does* patch automatically ... (0)

Anonymous Coward | about 5 months ago | (#45463441)

Mostly, I disable WU's ability to reboot my machine out from under me. This comes from a heavy-handed settings panel that gives you an all-or-nothing choice. And one slightly more than nothing choice... which is the right one.

Option 1: Let Windows Update do whatever it wants, whenever it wants, whether you're using the machine or not. Reboots will universally occur at times that interrupt things you feel are important. (It's like reverse clippy. "It looks like you're working on a document! Let me reboot your machine and lose all of your work for you!")
Option 2: Windows Update can download ONLY the really critical updates in the background, and nag you to install them, and even set them up to install on reboot, but never interrupt your usage. (This is the right choice, given these limited options.)
Option 3: Windows Update can go clean its butt with a rusty grill brush. (Bad idea. It will need tetanus shots along with malware scans.)

This completely ignores the well-designed configuration paradigm used by the power management system, where there are several independent options, but you choose a "profile". WU should allow you to choose WHICH levels of things to automatically download in the background. It should allow you to choose WHEN OR IF to automatically install them. And those options should be independent, and save as a "profile". Then there should be a set of conditions for when each profile becomes active, based on network connection, power supply, and system activity, as well as scheduling.

This is separate from the defaults for the "hurr durr" crowd. Defaults are fine for "those people", and should stay as they are now (reverse-clippy mode).

Come on... (0)

Anonymous Coward | about 5 months ago | (#45461437)

I know there's been alot of bad movies lately... But malware? Really? That's harsh.

Misleading title? (1)

Anonymous Coward | about 5 months ago | (#45461469)

Isn't this title just totally misleading? Although Silverlight never enjoyed the popularity of Flash, it's not like Netflix is the exclusive user of Silverlight...

Re: Misleading title? (2)

jrumney (197329) | about 5 months ago | (#45462241)

Yes, don't forget all the people checking the Beijing Olympics website daily for the latest updates. They have Silverlight installed too.

The Critic malware (2)

Gravis Zero (934156) | about 5 months ago | (#45461487)

good news! all users that dont use Netflix will be unaffected. I can only surmise that this malware replaces all movie descriptions with "It stinks." [youtu.be] and a rating of one star.

Re:The Critic malware (1)

ApplePy (2703131) | about 5 months ago | (#45461831)

good news! all users that dont use Netflix will be unaffected.

Good thinking! My Linux box is so secure it won't even run Netflix!

Re:The Critic malware (1)

jedidiah (1196) | about 5 months ago | (#45464287)

> Good thinking! My Linux box is so secure it won't even run Netflix!

Although it handles Hulu and Amazon Prime just tine.

Unknowingly? (4, Insightful)

pablo_max (626328) | about 5 months ago | (#45461491)

Tell me, when is the last time you knowingly were infected with malware?

Re:Unknowingly? (-1, Offtopic)

BlackPignouf (1017012) | about 5 months ago | (#45461617)

Yesterday, with your mom.
Totally worth it, though! :D

Re:Unknowingly? (-1)

Anonymous Coward | about 5 months ago | (#45461893)

You make it sound like a compliment.

Re:Unknowingly? (-1)

Anonymous Coward | about 5 months ago | (#45462155)

But how did you find his mom asshole without a map?

Re:Unknowingly? (-1)

Anonymous Coward | about 5 months ago | (#45462017)

Last night, with BlackPignouf. The bastard gave me herpes.
He didn't even kiss me first. ;(

Re:Unknowingly? (0)

Anonymous Coward | about 5 months ago | (#45462213)

Each time you install something from Adobe, ask.com, or silverlight?

Re:Unknowingly? (1)

osu-neko (2604) | about 5 months ago | (#45462251)

Tell me, when is the last time you knowingly were infected with malware?

A few years ago. Rebooting into Windows and deliberately plugging into a client's network was (for various reasons) the quickest/easiest way to determine what exactly was infecting their computers and if it was really spreading across the LAN rather than being transmitted by some emailed word document or promiscuous USB-stick user. It was.

I've actually never been unknowingly infected with malware. It's always been deliberate, although I didn't always know exactly what sample I'd be collecting...

Newsflash! (0)

Anonymous Coward | about 5 months ago | (#45461507)

Active content executes code in the user's computer!

C'mon, folks...

to post about already patched vulnerabities (1)

Celexi (1753652) | about 5 months ago | (#45461513)

Really? Why is this on front page of Slashdot? A vulnerability that was patched months ago via windows updates is now an issue?

Re:to post about already patched vulnerabities (2)

penix1 (722987) | about 5 months ago | (#45461661)

To me the real story isn't the attempt to sensationalize on a vulnerability or to single out one user of the technology but that an exploit for that vulnerability has been added to an exploit kit. That means that you probably will see it exploited widely simply because of people turning off windows update for various reasons.

The best solution is to lock down Silverlight (2, Insightful)

Ruedii (2712279) | about 5 months ago | (#45461523)

For plugins like silverlight that run code rather poorly sandboxed, you should lock them to a whitelist, so that only web sites you have preapproved can use them.

Additionally, you should only run them on an unpriviledged user. (Something many Windows users don't do with anything as a regular practice.)

These two measures won't eliminate your risk, but they will dramatically reduce it.

Re:The best solution is to lock down Silverlight (1)

bazorg (911295) | about 5 months ago | (#45461681)

Hi,

When you say that it is not properly sandboxed and using admin user permissions, does that apply to people using IE11 (Windows 8)? I thought the defaults on Windows 8 were not as careless as back in the day of XP pre-SP.

Re:The best solution is to lock down Silverlight (3, Insightful)

zippthorne (748122) | about 5 months ago | (#45462559)

How do you lock silverlight to a whitelist?

Re:The best solution is to lock down Silverlight (1)

Anonymous Coward | about 5 months ago | (#45463367)

Silverlight is a plugin, and in Chrome you can block all plugins and then add sites to a plugin whitelist. I assume something similar is available in other browsers.

There are similar whitelists for Javascript and cookies. I whitelist all three. Managing the lists can be annoying, but I prefer to have a bit of control over what web sites do on my computer.

Netflix? (3, Informative)

Anonymous Coward | about 5 months ago | (#45461585)

And this is specific to Netflix users?
I don't get it.

Re:Netflix? (2)

CastrTroy (595695) | about 5 months ago | (#45462639)

Well, to be fair, it's probably the only reason most people have Silverlight installed. The only other thing I can think of that used Silverlight was when NBC required Silverlight for watching the Olympics, but I think that was back in 2010. I don't know why Netflix doesn't just required some kind of App to be installed. They have one for Windows 8. Sure the browser feature would be nice as a fallback options, but for actually watching shows it would be much better accomplished outside the browser.

Re:Netflix? (1)

Java Pimp (98454) | about 5 months ago | (#45463819)

It has nothing to do with Netflix specifically. The article is sensationalist FUD. It's like saying Slashdot users are in danger of unknowingly picking up malware because someone found a javascript exploit.

Silverlight? No Thanks (3, Informative)

Scarletdown (886459) | about 5 months ago | (#45461603)

Back when I used to be able to stream Netflix (I since changed my account to the 3 DVDs at a time plan instead), I gave Silverlight a try. After Silverlight was installed, my video capture device with WinDVR suddenly stopped working. Suspecting Silverlight was the culprit, I set up the video capture device on a test box, and verified that it worked. Then I installed Silverlight there, and sure enough, no more video capture capability. Removed Silverlight and eradicated all traces of it from the system, and my hardware was once again working properly.

That was when I invoked the hardware owner's right. The ability for any publisher's software to run on hardware that I own is a privilege, not a right. If your product interferes with the rightful and proper operation of my property, then its privilege to exist on my system is revoked permanently.

Do not fuck with my hardware or any other software that I have installed, or you will not be permitted to run on any systems under my control, and word of your dipshittery will be passed on to others, so that they can be made aware that your software is malware.

Re:Silverlight? No Thanks (0)

Anonymous Coward | about 5 months ago | (#45461751)

or your hardware needs drivers that follow apis and don't assumed their funky behaviour won't be screwed over by any update to any library. Silverlight did not (could not) fuck with your hardware. Your hardware ahs shit software support (and it's either the vendors or your fault)

Netflix users? (3, Insightful)

BringsApples (3418089) | about 5 months ago | (#45461615)

Shouldn't this be Microsoft Windows users? My PS3 isn't going to get malware.

Re:Netflix users? (1)

Anonymous Coward | about 5 months ago | (#45461727)

Not even that, since neither Win RT, Windows Phone, or Xbox users are affected either.

Re:Netflix users? (1)

Anonymous Coward | about 5 months ago | (#45461771)

Not even that, since neither Win RT, Windows Phone, or Xbox users are affected either.

Neither are any Windows users with Windows Update on. This was auto-patched months ago. The summary blurb about upgrades is just ignorant.

Re:Netflix users? (0)

Anonymous Coward | about 5 months ago | (#45461919)

Shouldn't this be Microsoft Windows users? My PS3 isn't going to get malware.

Ah.

We stand corrected, and you are right.

Your PS3 isn't going to get malware. They prevented that sort of thing right at the factory by pre-installing the malware for you.

The dangers of using M$ Windoze keep piling up (-1)

Anonymous Coward | about 5 months ago | (#45461665)

Yet people keep going back to the DRM infested malware magnet called non-free software, M$ Windoze included. Apparently the sheep can't get away from their daily fix of watching movies(which should have no digital restrictions management in the first place) and online games. Not only is Silverblight a malware magnet but it is a sorry excuse of a scripting language. Oh sure there is Moonblight but it lacks several proprietary extensions M$ has used to further their Illegal monopoly. Those extensions prevent lusers from watching NeanderthalFlix in GNU/Linux. If Neanderthalflix gave two shits about their customers they would abandon digital restrictions management as well as DRM infested malware magnet Silverblight.

--
Friends don't help friends install M$ junk.
Friends do assist M$ addicted friends in committing suicide.

Re:The dangers of using M$ Windoze keep piling up (1)

jones_supa (887896) | about 5 months ago | (#45464193)

We get it. You seem like the classic foam-mouthed person who loves Linux and hates everything Microsoft touches. Bonus points for writing "M$ Windoze". Year 2000 called and wants your rant back.

This is not a news (0)

Anonymous Coward | about 5 months ago | (#45461733)

Users of Microsoft platform are getting infested with malware....

If you want to be "safe" you have either to make sure that you have a very well maintained platform, and some smart firewalling setup that will passivelly monitor your connection and ping you when suspicious trafic is happening.

Or not use windows, and be reasonably prudent....
But then you will not get your "goodies" ...

The main issue is that most people do not care ... they just "know" that if the computer starts to be very slow you have to reinistall everything and hope that their
double verification payment platform/banking interface is reasonably safe from man in the middle attacks... and insured so that if your account goes into red you'll get repaid eventually...

too much Linux (-1)

Anonymous Coward | about 5 months ago | (#45461765)

Come on, Linux users, try Windows sometime. It's really not that bad anymore! Windows 9x has been unsupported since 2006, and if you haven't used Windows since then, you've been missing out. The modern versions of Windows have an NT kernel, Service daemons, an MSI package manager, an advanced Firewall that actually works, and this thing called Microsoft Update that automatically installs security patches for stuff like Silverlight. The old days are over, friends. Windows is finally usable at last.

Re:too much Linux (1)

ApplePy (2703131) | about 5 months ago | (#45461845)

Windows is finally usable at last.

And then came Windows 8....

Re:too much Linux (0)

Anonymous Coward | about 5 months ago | (#45461975)

Have ya looked at Apple Launchpad recently? Or maybe you remember At Ease, perhaps? Both of these Apple products look exactly like a Windows 8 Start Screen, thank Apple.

Re:too much Linux (1)

jones_supa (887896) | about 5 months ago | (#45464233)

And then came Windows 8....

You can still run Windows 7. It will still be supported for over 6 years.

Re:too much Linux (-1)

Anonymous Coward | about 5 months ago | (#45462231)

Modded down to -1 by the penguin fuckers, because Slashdot loves Linux carnally.

As a Roku owner (1)

reboot246 (623534) | about 5 months ago | (#45461841)

As a Roku owner this affects me how? Who uses a PC to view Netflix content? Yes, it's possible, but it's not the best way.

Re:As a Roku owner (0)

Anonymous Coward | about 5 months ago | (#45461949)

As a Roku owner this affects me how? Who uses a PC to view Netflix content? Yes, it's possible, but it's not the best way.

You're asking why people use a computer...to go visit a website?

No fucking wonder people can't seem to remember that "smart" thing in your hand is also a phone that you talk to other people with, using your voice.

Common sense is rare. Apparently really rare.

Re:As a Roku owner (0)

Anonymous Coward | about 5 months ago | (#45462045)

As a Roku owner this affects me how? Who uses a PC to view Netflix content? Yes, it's possible, but it's not the best way.

Anyone smart enough to figure out how to make an all-in-one media center connect to their TV. Roku is nice for Grandma, but lacks support for a whole host of media types and sources, plus the last time I checked, the interface was pretty crappy.

How does this stuff get the green light? (5, Insightful)

WD (96061) | about 5 months ago | (#45462015)

1) This has nothing to do with Netflix. I am a Netflix user and I suspect that my Roku is not affected by the vulnerability in question.
2) Silverlight *does* get updated with automatic updates.
3) The vulnerability in question was fixed in March (MS13-022).

Re:How does this stuff get the green light? (0)

Anonymous Coward | about 5 months ago | (#45462589)

Because Slashdot is owned by Dice. The editors have cotton for brains.

Re:How does this stuff get the green light? (1)

Desler (1608317) | about 5 months ago | (#45463421)

That w as true long before the Dice buyout. Do you not remember kdawson? The sad part is that kdawson looks like a genius compared to Timmeh and Unknown Lamer these days...

Disable plugins by default (1)

CadentOrange (2429626) | about 5 months ago | (#45462023)

This is why I have plugins disabled by default and enabled only for certain "trusted" sites. For Silverlight, the only site that can run it is Netflix. This obviously doesn't protect you if your "trusted" site is compromised, but it does mean that browsing to some random website doesn't automatically infect you.

What does this have to do with Netflix? (3, Interesting)

EmagGeek (574360) | about 5 months ago | (#45462107)

Sorry, but this is just senseless hyperbole. Malware can be picked up from ANY website, but mentioning Netflix by name is just a design at whipping up a senseless panic.

Fuck you, Slashdot.

No M$ blasting ? (0)

Anonymous Coward | about 5 months ago | (#45462191)

I'm disappointed, leaving.

Proprietary web standards insecure. Film at 11 (0)

LoRdTAW (99712) | about 5 months ago | (#45462211)

"Users of Silverlight, Microsoft's answer to Adobe Flash"

Ah! There's your problem, right there.

WARNING! both TF And the /. title are nothing more than sensationalism. Nothing in TFA, which is quite brief, specifically says Netflix users are being targeted. Only that Netflix uses silverlight which has a vulnerability. Its like saying "Newgrounds (pretend it's 6+years ago and still relevant) users are in danger of being infected with malware" when its all users of flash. *BUT* since silverlight and flash are web technologies which have fallen out of favor, Netflix users are guaranteed to have it installed as it is not included by default with Windows and unnecessary for 99.9999%+ of all web content. I have never installed it and I think only once have I seen a website that needed it. I don't use Netflix either.

Maybe its time Netflix invested in HTML5 and other open, modern, cross platform standards.

Re:Proprietary web standards insecure. Film at 11 (1)

Desler (1608317) | about 5 months ago | (#45463083)

Only that Netflix uses silverlight which has a vulnerability.

That was patched in March via auto update... Unknown Lamer and Timmeh continue to show how the Slashdot "editors" are functional illiterates.

Harmony remote configuration stuff too (1)

Megane (129182) | about 5 months ago | (#45462273)

There is only one reason I have Silverblight installed on my OS X laptop, and that's the (laggy as fuck) Harmony remote configurator. Since that's the only thing I have which uses that crapware, I have the extension disabled in my web browser unless I'm actually using it.

The Harmony remote is such a total piece of crap, and that Silverblight configurator crapplet doesn't make it any better. The best part is when I drop it, its batteries bounce and it resets and thinks all devices are off. Fuck you very much, Logitech. If it weren't for some codes that I couldn't discover otherwise for when I eventually make my own damn remote (someday when I have enough free time), it would be completely worthless to me.

To STOP the "Angler Exploit Kit" (0)

Anonymous Coward | about 5 months ago | (#45463211)

0.0.0.0 peragretisque.yevgenimalkin.com
0.0.0.0 yevgenimalkin.com

Add those to your hosts file - since "what you can't touch, can't hurt you"...

APK

P.S.=> Easiest & BEST way to build a custom hosts file (that adds more layered security, speed, reliability, & even anonymity (to an extent only on the latter)?

Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775 [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

Enjoy - she's a 100% freebie & really works + VERY well (especially considering 99% of the servers/hosts-domains used nowadays ARE hostname-domainname based since "fastflux" &/or Dynamic DNS utilizing malware-botnets etc. ARE truly FAST becoming "the norm" & have been in use for years now).

... apk

Silverlight is (1)

kilodelta (843627) | about 5 months ago | (#45463623)

A flaming piece of shit from the word go. I can't stand it and wish Netflix would just go back to the damned Flash player. I have an older machine and can regular watch Silverlight consume EVERY CPU cycle. It seems to do with network latency - it loses it's mind.

Can't have it both ways. (0)

Anonymous Coward | about 5 months ago | (#45463691)

Netflix Users In Danger of Unknowingly Picking Up Malware / You'd think something like Silverlight would automatically upgrade itself.

You can't have it both ways - you want silverlight updating or you want to stop malware being installed?

(implying silverlight is malware in a sense greater than just software)

Jeez, I frickin' hope so (1)

doggo (34827) | about 5 months ago | (#45463763)

"You'd think something like Silverlight would automatically upgrade itself."

As intrusive and time consuming as Microsoft updates are, they damn well better be updating Silverlight, FFS.

Sensationalism at its best. (1)

Java Pimp (98454) | about 5 months ago | (#45463865)

Seriously, there has to be a better way to down mod articles that make it to the front page. The firehose just doesn't cut it.

Ya like that's going to go over well (1)

Stan92057 (737634) | about 5 months ago | (#45464045)

"You'd think something like Silverlight would automatically upgrade itself".

Ya like that's going to go over well either the crowd at /. have been crying foul for over 10 years about how they don't want auto update from the evil empire of MS lol
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...