 |
|
Who's Online
|
There are currently 319 people and 1 DV-member(s) online.
|
|
|
|
|
RSS
|
|
|
|
|
| |
Worst Windows bugs of the last 10 years
| |
Posted on Sunday, October 12 2008 @ 15:42:01 CEST by Thomas De Maesschalck |
InfoWorld looks back at the worst flaws in Windows of the past decade. Here's one of the embarrassing security flaws that was discovered in October 2000 in Windows 9x:
Windows 9x introduced a nifty little concept wherein users could host a password-protected mini file server, aka a share, on their PCs. The idea was simple: Allow users of networked computers to host and share files securely. Only the padlock Microsoft used to lock the door came equipped with a gaping hole that rendered it useless.
"When processing authentication requests for a NetBIOS share, Windows 95/98 would look at the length of the password sent by the attacker and then only compare that number of bytes to the real password," writes vulnerability expert H.D. Moore, who manages the Metasploit Framework project.
Oops. "This let the attack specify a password of zero bytes and gain access to the share," without actually knowing the password at all, Moore explains.
"The real damage," he continues, "was that by trying all characters of incrementing lengths, they could literally obtain the password for share from the server."
|
Add to Del.icio.us | Digg It | |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
|
