Quote:
|
The source has been traced to china. Thats where the initial infection of the websites that installed the keylogger came from. As for which sites were infected, the effort of identifying and fixing them is ongoing as more sites are getting infected daily.
|
Care to dish up some references for those claims?
Also the 'websites' have not installed any keyloggers. Think about it.
Quote:
|
Its likely because they have their browsers set to automatically install software and hit one of the sites with a cross site scripting bug that loaded a javascript control from "the server in china" (honestly, there was ONE server in china that was serving up the malicious javascript from this last wave of hacks) that pulled down and installed a keylogger.
|
It is more likely that the browsers were unpatched. Ordinary users hardly ever fiddle with those settings. Since it has documented (see some of the threads on the official forums) that the attack targeted year old vulnerabilities, an unpatched system is enough. Also there is no such thing as a JavaScript control, xxs has nothing to do with this (you don't load 'stuff' from elsewhere with xss, you inject stuff into something else).
Quote:
phpBB admins need to be on their toes and watch their logs. The world needs to destroy activeX and the people who created it. It only takes one site that throws pop-ups as part of its normal functioning (and thus have it in your trusted sites list) to get hacked for a
blah blah blah
what they deserved. I have more sympathy for the .aspx folk and less for .aspx implementors.
|
Seriously dude, stop getting your information from online forums. Start reading about the underlying technologies. Perhaps then you might actually see just how retarded your comments are.
Quote:
Originally Posted by feldon30
To anyone who says "any browser can be compromised" or points to vulnerabilities in Firefox as an excuse to continue using IE, I say I have never seen Firefox INSTALL software because of what a website told it to do.
|
https://addons.mozilla.org/en-US/firefox/ ?? That is a website and it will ask you to install software, which Firefox will do.
Quote:
|
The fundamental design of Internet Explorer is flawed. It starts by granting incredible amounts of permission, and then Microsoft keeps patching holes like fingers in a dam. A year ago, it was discovered that BMP files could contain executable code which a DLL within Windows can be triggered to execute. I mean how ridiculous is this that a graphic file would be fed through some code that would allow it to EXECUTE?
|
I am sure the Microsoft devs are shuddering in their panties because of your in-depth analysis. First off try to understand what you are actually talking about. OK, since waiting 5 years for you to get your CS masters might be too long, let me try to enlighten you a bit.
IE's granting of permission is not an issue. The security holes in IE and retards not patching their systems is the issue. You don't have the knowledge nor the brains to actually comment on the security level of IE, so stop it.
Try doing this search:
BMP vulnerability - Google Search
What do you see? Well one of the links is this:
S-212: Mozilla Vulnerability in BMP Decoder
OMG - Firefox has a BMP issue (as do a multitude of other applications).
So what you are going to do now? You can't use IE nor can you use Firefox?
Quote:
|
And ActiveX, as you know, is really a Java hybrid that Microsoft whipped up back when they thought that Sun was crazy to lock Java down so hard. They thought that any piece of executable code on the computer should have permissions to write anywhere and modify anything else. They thought they were doing the world (and network admins) a favor by making ActiveX so "free".
|
LOL - ActiveX is a Java Hybrid?. Seriously dude. Read a book or something; may I suggest
Amazon.com: Absolute Beginner's Guide to Computer Basics (4th Edition) (Absolute Beginner's Guide): Michael Miller: Books
If the world were ActiveX free, you can pretty much go back to DOS. What you don't realise is that ActiveX or OLE or COM is a base technology in Windows. It is confusing due to the misnaming, but ActiveX is just a fancy word for OLE. Without OLE there would be no EQ2. Problem solved.
Your ramblings about lockdowns etc. are just wrong
Quote:
|
Firefox just plain doesn't work that way. Have there been exploits of Firefox? Yes. Have programs installed themselves onto our PCs because of holes in Firefox? Not that I've seen.
|
Ah, so because you haven't seen it, it doesn't exists. Makes sense since you are obviously an industry expert. Maybe if you asked Mozilla you might be surprised at the results:
Mozilla Foundation Security Advisories
To feldon30, Trepan and all the rest of those who think they know;
Shut the fuck up.
You pollute these threads with your stupid ramblings and just add FUD in the discussions. Your display of stupidity is quite astounding for those with just a simple clue, but for the folks who don't care to know the workings of IT systems, you just cause misinformation and insecurity.
Quote:
|
You wanna know how to keep yourself secure? Browse in a VM!
|
Not really ->
Core Security | News
The best thing the Gaming community can do, is to force the Game Makers to actually make their games 'immune' to Keylogging technology and take general security more seriously.
SOE, Blizzard et al, hide behind the fact that there nothing wrong with their technology, but since it is their games, and ultimately the users of their software that get hurt, they need to wake up and do something.
The technology to do this is not advanced and as a side-effect it will actually make botting programs many times harder to make and require technology and resources which might be out of the range of many RTM companies.
Re: Toon Hacking/Account Stealing/Keylogging Consolidated Thread
