Windows 8 and 8.1 Forums

Windows attack can steal your logged-in username and passw

  1. #1

    Posts : 22,499
    64-bit Windows 10

    Windows attack can steal your logged-in username and passw

    A previously-disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

    But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

    The flaw is widely-known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

    The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

    Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

    The flaw works because Internet Explorer and Edge (on Windows 10) allow a user to access local network shares but don't fully block connections to remote shares.

    To exploit this, a hacker has to trick a user into visiting a specially-crafted web page in Internet Explorer or Edge (on Windows 10) that points to their own network share. The browser will silently send usernames and hashed passwords to the network share, which can then be scooped up and stolen...

    Read more: Windows attack can steal your logged-in username and password | ZDNet

      My System SpecsSystem Spec

  2. #2

    Newport, South Wales, UK
    Posts : 568
    Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu

    Sounds like another reason to stay with Firefox
      My System SpecsSystem Spec

Windows attack can steal your logged-in username and passw
Related Threads
Windows logged me into a guest account in User Accounts and Family Safety
Hi: Windows logged me into a guest account after entering my password to my account. I have not set up a guest account. This is the first time that this has occurred. Please let me know why this would happen. Thank you,
Hello, I am planning to upgrade from Windows 7 to 8.1. I want a clean install. Is it possible to backup and restore savedpasswords in Internet Explorer 10 Windows 7, so that I can restore them in Windows 8.1? I do not want to use third party software. Thanks in advance
I used to log in to Win 8 with the name "User", which I like. When I tried to fire up Skype, my computer required me to make a Microsoft account, which I did. Problem is, now I log in with my real name and email address, using my MS account password. I want to go back being "User" and logging...
HELP...I can not log into my account..I am using the right password. I used the machine earlier, then came back and it would not accept the password. The pop up said..."can not log onto account at this time..see to fix any problems"...or something like that. The computer turns on...
Microsoft: Windows 8 Has Logged 60 Billion Hours of Usage I wonder how they came up with that figure?
I dont have a facebook app, and I never used the Facebook chat, and Im not even logged into the Facebook site. Yet when I am on my Windows 8 computer, people see me as available for chat. How do I stop this?
Eight Forums Android App Eight Forums IOS App Follow us on Facebook