Date : Tue, 27 Jul 2010 19:05:44 +0200
From : rick@... (Rick Murray)
Subject: bbcdocs website problem
On 27/07/2010 15:55, paul aslin wrote:
> Really wierd as http is a proper standard,
Mmmm... Which one? There's a dozen of them. ;-)
> Anyway, the level of security is entirely dependant on how many
> microsoft programs are used/active. Disabling things like remote
> desktop and using something other than IE makes everything less
> likely to get owned.
This is something us dopey apparently-clueless techies are trying so
hard to instruct the world about. Yes, IE is insecure, IE6 especially
so. But moving to another browser won't prevent something nasty
exploiting a bug in Flash?
An idea or two:
http://www.theregister.co.uk/2010/02/09/adobe_flash_crash_bug/
Did you know they've recently uncovered a bug in Explorer's handling of
shortcuts so that simply opening an 'infected' USB (etc) device (inc.
NAS and such) will infect? Nothing needs to be specifically run, as soon
as Explorer sees the shortcut, wham.
http://www.theregister.co.uk/2010/07/27/zeus_exploit_shortcut_hole/
As you can guess by the URL, it's in the wild and it affects EVERY
version of Windows ('cept 3.x :-) ).
Before anybody makes a comment on how lame Windows is, let me first say:
!App.!Boot
Open the folder containing apps, all the !Boot files are scanned so RISC
OS can learn the runtypes and such. It would be a doddle to insert
something nasty here, and it would behave in much the same way.
This, however, is the danger of staying with XP SP2. For the moment,
we're all vulnerable. Soonish, a patch will be released for SP3, Vista,
Win7...
But on SP2, you'll never again be able to use a CD/DVD-ROM, flash disc,
or NAS without knowing exactly where it came from, or - in the case of
USB/SD, formatting it as soon as it is first installed.
Best wishes,
Rick.
--
Rick Murray, eeePC901 & ADSL WiFI'd into it, all ETLAs!
BBC B: DNFS, 2 x 5.25" floppies, EPROM prog, Acorn TTX
E01S FileStore, A3000/A5000/RiscPC/various PCs/blahblah...