Monday, June 18, 2007
A Couple of Windows Vulnerabilities
Today I ran across two Windows vulnerabilities. The first is important, but not especially surprising. The second is amazing.
First, via the Register, a strange spoofing vulnerabilty in Internet Explorer. This one is a bit scary with regards how it seems to spoof access to sites like Paypal and eBay.
Second, found via Slashdot, is a posting in the Ubuntu forum describing how an Ubuntu user running Internet Explorer under IE4WIN validated his PC through Windows Genuine Advantage, so he could download Windows Defender on his Linux box (presumably to then install it on a Windows PC). Yes, WGA validated a Linux box as a legitimate Windows installation! If this isn't a hoax it is further proof that WGA is terribly flawed.
The poster recorded the process to video which you can watch using a player that can handle .ogg files. I use VideoLAN, which runs on Windows, OS X, Linux, and *BSD.
I sent both of these to the Daynotes Backchannel list, so hopefully we'll get some meaningful discussions going on the various Daynoters' sites.