Hacking Vista: Easier than you'd think

Hacking Vista: Easier than you'd think
http://blogs.ocregister.com/gadgetre...g_vista_e.html

It happens

http://www.neowin.net/index.php?act=view&id=39650


"Susan" <dsnsacree@msn.com> wrote in message
news:ulvb64fhHHA.1240@TK2MSFTNGP04.phx.gbl...
> Hacking Vista: Easier than you'd think
> http://blogs.ocregister.com/gadgetre...g_vista_e.html
>
>
>
>
>
>

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/

I don't know much about Macs but what I noticed with the Vista one is that
the security information that popped -up. I wonder if the person was
relying solely on the Windows firewall --no anti-virus applications up and
running? Person did not even download and save attachment and then scan it.
Although I know Steve Gibson once posted that he would not open an
attachment from his own mother!



"Mike Hall" <mikehall@mvps.org> wrote in message
news:OiHq59fhHHA.4064@TK2MSFTNGP03.phx.gbl...
> It happens
>
> http://www.neowin.net/index.php?act=view&id=39650
>
>
> "Susan" <dsnsacree@msn.com> wrote in message
> news:ulvb64fhHHA.1240@TK2MSFTNGP04.phx.gbl...
>> Hacking Vista: Easier than you'd think
>> http://blogs.ocregister.com/gadgetre...g_vista_e.html
>>
>>
>>
>>
>>
>>
>
> --
>
>
> Mike Hall
> MS MVP Windows Shell/User
> http://msmvps.com/blogs/mikehall/
>
>
>

Susan;
Attachments from friends and relatives have always been a major source
of malware.

"Steve Gibson once posted that he would not open an attachment from
his own mother!"
He probably would if he was expecting it.
But if the attachment is unexpected, first verify with the sender that
it is legitimate.

An infected computer will often send the infection to others in the
address book.
And normally friends and relatives are in the address book.

Many malware issues could be prevented by not opening unexpected
attachments.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Susan" <dsnsacree@msn.com> wrote in message
news:epjxwmghHHA.4980@TK2MSFTNGP02.phx.gbl...
>I don't know much about Macs but what I noticed with the Vista one is
>that the security information that popped -up. I wonder if the
>person was relying solely on the Windows firewall --no anti-virus
>applications up and running? Person did not even download and save
>attachment and then scan it. Although I know Steve Gibson once posted
>that he would not open an attachment from his own mother!

I totally agree with you. But unfortunately people still do like they fall
for phishing schemes. What is scarry to me though is that small local
organizations are doing banking online and people give them credit card
numbers. These organizations may receive numerous emails with attachments
and may be manned by volunteers who are not very computer savvy. You may be
computer savvy but that will not help there if you have given your credit
card number to them. It may be best to pay by check.


"Jupiter Jones [MVP]" <jones_jupiter@hotnomail.com> wrote in message
news:%23DB3PHihHHA.4976@TK2MSFTNGP03.phx.gbl...
> Susan;
> Attachments from friends and relatives have always been a major source of
> malware.
>
> "Steve Gibson once posted that he would not open an attachment from his
> own mother!"
> He probably would if he was expecting it.
> But if the attachment is unexpected, first verify with the sender that it
> is legitimate.
>
> An infected computer will often send the infection to others in the
> address book.
> And normally friends and relatives are in the address book.
>
> Many malware issues could be prevented by not opening unexpected
> attachments.
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar
> http://www.dts-l.org
>
>
> "Susan" <dsnsacree@msn.com> wrote in message
> news:epjxwmghHHA.4980@TK2MSFTNGP02.phx.gbl...
>>I don't know much about Macs but what I noticed with the Vista one is that
>>the security information that popped -up. I wonder if the person was
>>relying solely on the Windows firewall --no anti-virus applications up and
>>running? Person did not even download and save attachment and then scan
>>it. Although I know Steve Gibson once posted that he would not open an
>>attachment from his own mother!
>

In message <#vH6v7ohHHA.5048@TK2MSFTNGP03.phx.gbl> "Susan"
<dsnsacree@msn.com> wrote:

>I totally agree with you. But unfortunately people still do like they fall
>for phishing schemes. What is scarry to me though is that small local
>organizations are doing banking online and people give them credit card
>numbers. These organizations may receive numerous emails with attachments
>and may be manned by volunteers who are not very computer savvy. You may be
>computer savvy but that will not help there if you have given your credit
>card number to them. It may be best to pay by check.

That has to be some of the worst advice I've ever seen.

Credit card liability is limited to $50 by law (in North America,
anyway) and many/most cards give you $0 liability in the event of fraud.

More importantly, the disputed charges are removed *instantly*, so while
the issue gets sorted out, you aren't stuck without access to funds.

A cheque, on the other hand, gives the fraudster direct access to your
bank account information (it's printed on the cheque) -- It's fairly
trivial to print up cheques, or to withdraw funds directly. In the
event of fraud you'll eventually get your money back, but not until the
issue is resolved, meaning you have to do without access to those funds
-- If you happen to be one of the souls that lives month to month, your
rent/mortgage may not get paid.

The entire banking system is a trust based house of cards. Cheques and
credit cards rely on signatures which are never even looked at except in
case of fraud, and precious little else, you can print cheques that will
pass electronic inspection on your average laser printer (okay, you do
need magnetic toner, not cheap, but legal to own and use). Even better,
in the US cheques don't even make it back to the issuing bank anymore,
only an image of the cheque, which lowers the bar for fraud somewhat if
you can ensure that the fraudulent cheque doesn't get noticed until the
receiving bank destroys it.

Credit cards are by far the safest way (for the buyer/owner of the card)
to do just about anything, as the law protects you far more then other
payment forms.

--
Ah, the miracle mile, where value wears a neon sombrero and there's
not a single church or library to offend the eye.
-- Homer

The point I am making is that the check is taken to the bank but credit
cards are entered on the computer and it is done online. I am speaking of
small local organization where the volunteers may not be computer savvy but
they know how to deposit checks into a bank. Sure you are limited but you
still would have to go though the hassle of getting things straightened out.
This organization have an internet security package and did not have it
properly installed for about six months.

I would prefer to write a check to that small, local, organization will
deposit checks in a bank than to have my credit card data stored on their
computer that may be hacked. The security of a computer and its data are
dependent upon those who use it! I am not referring to large organizations
with dedicated computer staff.

"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
news:2nks23hkse05soa6qb0kcq1fg8cuch22hf@4ax.com...
> In message <#vH6v7ohHHA.5048@TK2MSFTNGP03.phx.gbl> "Susan"
> <dsnsacree@msn.com> wrote:
>
>>I totally agree with you. But unfortunately people still do like they
>>fall
>>for phishing schemes. What is scarry to me though is that small local
>>organizations are doing banking online and people give them credit card
>>numbers. These organizations may receive numerous emails with attachments
>>and may be manned by volunteers who are not very computer savvy. You may
>>be
>>computer savvy but that will not help there if you have given your credit
>>card number to them. It may be best to pay by check.
>
> That has to be some of the worst advice I've ever seen.
>
> Credit card liability is limited to $50 by law (in North America,
> anyway) and many/most cards give you $0 liability in the event of fraud.
>
> More importantly, the disputed charges are removed *instantly*, so while
> the issue gets sorted out, you aren't stuck without access to funds.
>
> A cheque, on the other hand, gives the fraudster direct access to your
> bank account information (it's printed on the cheque) -- It's fairly
> trivial to print up cheques, or to withdraw funds directly. In the
> event of fraud you'll eventually get your money back, but not until the
> issue is resolved, meaning you have to do without access to those funds
> -- If you happen to be one of the souls that lives month to month, your
> rent/mortgage may not get paid.
>
> The entire banking system is a trust based house of cards. Cheques and
> credit cards rely on signatures which are never even looked at except in
> case of fraud, and precious little else, you can print cheques that will
> pass electronic inspection on your average laser printer (okay, you do
> need magnetic toner, not cheap, but legal to own and use). Even better,
> in the US cheques don't even make it back to the issuing bank anymore,
> only an image of the cheque, which lowers the bar for fraud somewhat if
> you can ensure that the fraudulent cheque doesn't get noticed until the
> receiving bank destroys it.
>
> Credit cards are by far the safest way (for the buyer/owner of the card)
> to do just about anything, as the law protects you far more then other
> payment forms.
>
> --
> Ah, the miracle mile, where value wears a neon sombrero and there's
> not a single church or library to offend the eye.
> -- Homer

In message <Onn$QqqhHHA.960@TK2MSFTNGP03.phx.gbl> "Susan"
<dsnsacree@msn.com> wrote:

>The point I am making is that the check is taken to the bank but credit
>cards are entered on the computer and it is done online. I am speaking of
>small local organization where the volunteers may not be computer savvy but
>they know how to deposit checks into a bank. Sure you are limited but you
>still would have to go though the hassle of getting things straightened out.
>This organization have an internet security package and did not have it
>properly installed for about six months.
>
>I would prefer to write a check to that small, local, organization will
>deposit checks in a bank than to have my credit card data stored on their
>computer that may be hacked. The security of a computer and its data are
>dependent upon those who use it! I am not referring to large organizations
>with dedicated computer staff.

Unless they scan the cheques, or have a bank that makes cheque images
available and they store them all for future reference (I do)

--
Ah, the miracle mile, where value wears a neon sombrero and there's
not a single church or library to offend the eye.
-- Homer

Actually, neither of these methods are totally fraud proof. But to be
honest, if cheques are not cleared by the issuing bank (like they are in
Australia), then sending a cheque is more of a concern then using your credit
card. As DevilPGD noted, you can dispute the transaction, and if worse comes
to worse, have your credit card cancelled and re-issued (however, some credit
card companies do charge a fee for disputing a claim, so it will cost you
anyway). Although I doubt a lot of organisations regardless of size would
scan their cheques. Credit cards are certainly more convenient and safe,
however, you should always monitor the transactions carefully (some banks
have the facility to send you a SMS when a purchase has been made). My
provider actually calls me if I make a purchase greater than $1000. To be
100% safe, send a bank issued cheque......Or use your credit card with well
known online pay services like paypal (but even their systems can be
attacked).

"DevilsPGD" wrote:

> In message <Onn$QqqhHHA.960@TK2MSFTNGP03.phx.gbl> "Susan"
> <dsnsacree@msn.com> wrote:
>
> >The point I am making is that the check is taken to the bank but credit
> >cards are entered on the computer and it is done online. I am speaking of
> >small local organization where the volunteers may not be computer savvy but
> >they know how to deposit checks into a bank. Sure you are limited but you
> >still would have to go though the hassle of getting things straightened out.
> >This organization have an internet security package and did not have it
> >properly installed for about six months.
> >
> >I would prefer to write a check to that small, local, organization will
> >deposit checks in a bank than to have my credit card data stored on their
> >computer that may be hacked. The security of a computer and its data are
> >dependent upon those who use it! I am not referring to large organizations
> >with dedicated computer staff.
>
> Unless they scan the cheques, or have a bank that makes cheque images
> available and they store them all for future reference (I do)
>
> --
> Ah, the miracle mile, where value wears a neon sombrero and there's
> not a single church or library to offend the eye.
> -- Homer
>

This thread got slightly off track...

This clip is typical of the media scaremongering and giving only one side of
the story.. If they turned it round and highlighted this as the importance
of a virus checker instead of a vista flaw I would have more respect for the
video. That hack works in Vista / XP / 2000 and NT. My 15 yr old could write
the script that did that but the way it is written a virus checker would
pick it up immediately.

In vista that hack wouldn't work if UAC was turned on, for all those who
have turned it off...lol.

It has good advice but this pc was connected by a pc connected right to it.
If a router was in front of the pc that hack would not work (assumuming the
pc wasn't configured in the DMZ zone of the router...assumming) They could
of mentioned this but then lessens their scare. Lots of other things would
have prevented that happening. Its not a vista flaw its a design of the OS.

The biggest problem in the industry is HOME USERS without any or expired
VIRUS CHECKERS !!!!!!!!!!!, I will also add that business are prone to this
also.

If we can just get this story across then we will cut out at least half of
all the issues on the internet.






"DJCOX" <DJCOX@discussions.microsoft.com> wrote in message
news:0C324E75-E62B-4A0B-816A-7A5B6E00A5F2@microsoft.com...
> Actually, neither of these methods are totally fraud proof. But to be
> honest, if cheques are not cleared by the issuing bank (like they are in
> Australia), then sending a cheque is more of a concern then using your
> credit
> card. As DevilPGD noted, you can dispute the transaction, and if worse
> comes
> to worse, have your credit card cancelled and re-issued (however, some
> credit
> card companies do charge a fee for disputing a claim, so it will cost you
> anyway). Although I doubt a lot of organisations regardless of size would
> scan their cheques. Credit cards are certainly more convenient and safe,
> however, you should always monitor the transactions carefully (some banks
> have the facility to send you a SMS when a purchase has been made). My
> provider actually calls me if I make a purchase greater than $1000. To be
> 100% safe, send a bank issued cheque......Or use your credit card with
> well
> known online pay services like paypal (but even their systems can be
> attacked).
>
> "DevilsPGD" wrote:
>
>> In message <Onn$QqqhHHA.960@TK2MSFTNGP03.phx.gbl> "Susan"
>> <dsnsacree@msn.com> wrote:
>>
>> >The point I am making is that the check is taken to the bank but credit
>> >cards are entered on the computer and it is done online. I am speaking
>> >of
>> >small local organization where the volunteers may not be computer savvy
>> >but
>> >they know how to deposit checks into a bank. Sure you are limited but
>> >you
>> >still would have to go though the hassle of getting things straightened
>> >out.
>> >This organization have an internet security package and did not have it
>> >properly installed for about six months.
>> >
>> >I would prefer to write a check to that small, local, organization will
>> >deposit checks in a bank than to have my credit card data stored on
>> >their
>> >computer that may be hacked. The security of a computer and its data
>> >are
>> >dependent upon those who use it! I am not referring to large
>> >organizations
>> >with dedicated computer staff.
>>
>> Unless they scan the cheques, or have a bank that makes cheque images
>> available and they store them all for future reference (I do)
>>
>> --
>> Ah, the miracle mile, where value wears a neon sombrero and there's
>> not a single church or library to offend the eye.
>> -- Homer
>>