Windows and file sharing vulnerability

Reply Subscribe

Thread Tools

Search this Thread

19th August 2010 | 07:27

#1 (permalink)

BOAC

Thread Starter

Per Ardua ad Astraeus

Joined: Mar 2000

Posts: 18,575

Likes: 4

From: UK

Windows and file sharing vulnerability

Last week Apple fixed an I-Tunes vulnerability involving the loading of "safe" file types from remote network locations. A company called Acros Security says this vulnerability works when a remote attacker plants a malicious DLL with a specific name on a network share and get the user to open a media file from this network eg using I-Tunes, requiring minimal effort by the attacker.

Microsoft Windows and about 40 applications that run on it are vulnerable to this form of attack and M$ are 'investigating'. As always, Facebook/Twitter etc users beware?

19th August 2010 | 07:53

#2 (permalink)

mixture

Joined: Aug 2002

Posts: 3,663

Likes: 0

From: Earth

BOAC,

Much as your vulnerability warning efforts are admirable, I would think you're putting yourself in a risky situation where people might start relying on you to issue the advisories ?

Given the number of combinations of different software and different vulnerabilities you're going to have to start doing a lot more posting than you are at the moment to keep up with them all.

Personally I would think the mods would do better to put a sticky at the top of the C&I forum giving links to well known sites that activley maintain lists of current security vulnerabilities (or "security advisories" as the software developers prefer to call them) .... as well as a set of FAQs which seem to come up time and time again here on C&I.

19th August 2010 | 08:29

#3 (permalink)

BOAC

Thread Starter

Per Ardua ad Astraeus

Joined: Mar 2000

Posts: 18,575

Likes: 4

From: UK

A good idea and you should PM the mod?

Quote:

people might start relying on you to issue the advisories

- would hope not, but that they would perhaps Google 'Acros' and see what it is all about? There are plenty of links.

Better forewarned than forlorn?

19th August 2010 | 09:33

#4 (permalink)

mixture

Joined: Aug 2002

Posts: 3,663

Likes: 0

From: Earth

Quote:

A good idea and you should PM the mod?

Maybe.... but then I do know mod Saab is regularly sighted in this dark and dingy corner of PPRuNe.

Quote:

Better forewarned than forlorn?

Don't misunderstand my point, I was being genuine when I said your efforts were admirable....only wanted to put forward my 2 <currency> worth of thoughts......

19th August 2010 | 13:35

#5 (permalink)

rgbrock1

Joined: Aug 2000

Posts: 436

Likes: 0

From: Patterson, NY

BOAC:

Many of these "vulnerabilities" are, IMHO, over-exaggerated in that the majority of users would never suffer from these security lapses. As long as one is careful/cautious/paranoid about what one does on the Interweb then the chances of suffering from one of these security issues is somewhat mitigated.

19th August 2010 | 13:41

#6 (permalink)

BOAC

Thread Starter

Per Ardua ad Astraeus

Joined: Mar 2000

Posts: 18,575

Likes: 4

From: UK

RG - agreed, but how many Faceb o o k/Twitter/I-Tunes/whatever users fit that spec?

19th August 2010 | 16:02

#7 (permalink)

rgbrock1

Joined: Aug 2000

Posts: 436

Likes: 0

From: Patterson, NY

Correct BOAC. I've seen people do some very troubling things on sites like Facebook or Twitter. (Both of which I will never have an account on. NEVER.)

iTunes, on the other hand, is virtually problem-free.