Windows attack can steal your logged-in username and password

A previously-disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

The flaw is widely-known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

The flaw works because Internet Explorer and Edge (on Windows 10) allow a user to access local network shares but don't fully block connections to remote shares.

To exploit this, a hacker has to trick a user into visiting a specially-crafted web page in Internet Explorer or Edge (on Windows 10) that points to their own network share. The browser will silently send usernames and hashed passwords to the network share, which can then be scooped up and stolen...


Read more: Windows attack can steal your logged-in username and password | ZDNet
 
Sounds like another reason to stay with Firefox ;)
 

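A defender's check for the behaviour the quoted article describes, as an added example that is not part of the original post or the article: it scans flow records for SMB connections (TCP 139/445) that leave the local network for a remote host. The log format, field names and addresses are constructed for illustration, and "local" is assumed to mean RFC 1918, loopback and link-local ranges.

```python
import ipaddress

# SMB uses TCP 445 (direct) and TCP 139 (NetBIOS session service).
SMB_PORTS = {139, 445}

# Assumption: these ranges are "local"; adjust to the site's real address plan.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample records: timestamp src_ip dst_ip dst_port proto action
SAMPLE_FLOWS = """\
2024-01-01T09:14:01Z 10.0.0.21 10.0.0.5 445 tcp allow
2024-01-01T09:14:07Z 10.0.0.21 203.0.113.50 445 tcp allow
2024-01-01T09:15:30Z 10.0.0.34 198.51.100.7 443 tcp allow
2024-01-01T09:16:12Z 10.0.0.34 198.51.100.7 139 tcp deny
2024-01-01T09:17:45Z 10.0.0.40 192.168.1.9 139 tcp allow
malformed line
"""

def is_local(addr):
    """True if addr falls inside one of the assumed local ranges."""
    return any(addr in net for net in LOCAL_NETS)

def find_remote_smb(flow_text):
    """Return SMB flows from a local host to a non-local destination."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip records that do not match the assumed format
        ts, src, dst, port, proto, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if proto != "tcp" or port not in SMB_PORTS:
            continue
        if is_local(src_ip) and not is_local(dst_ip):
            # "allow" means the session left the network; "deny" is a blocked attempt.
            findings.append({"time": ts, "src": src, "dst": dst,
                             "port": port, "action": action})
    return findings

if __name__ == "__main__":
    for f in find_remote_smb(SAMPLE_FLOWS):
        print(f["time"], f["src"], "->", f["dst"], f["port"], f["action"])
```

Records with action `allow` are the ones to investigate first, since the connection to the remote share was not blocked.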