ShortNews
+ + + 3 BRANDNEW NewsTickers for your Website! + + + easy configurable in less than 1 Minute + + + GET'EM NOW! + + +

   Home | Join | Submit News | MyShortNews | HighScores | FAQ'S | Forums Chat | 0 Users Online   
   
                 04/16/2014 12:10 PM  
  ShortNews Search
search all Channels
RSS feeds
   Top News High Tech
Girl Sends Terrorism-Themed Message to American Airlines Via Twitter
Movie Studios Sue Megaupload, Kim Dotcom for Copyright Infringement
Windows XP Support Ends April 8th
more News
out of this Channel...
  ShortNews User Poll
Do you think marriages between same-sex couples should be legally recognized?
  Latest Events
04/15/2014 07:31 PM
coronado receives 20 Points for very good Assessment of 'Man Who Harrassed Neighbors Ordered to Hold "I Am a Bully" Sign'
04/15/2014 07:31 PM
captainJane receives 20 Points for Comment about 'Man Who Harrassed Neighbors Ordered to Hold "I Am a Bully" Sign'
04/15/2014 03:42 PM
coronado receives 100 Points for News Submission of 'Tea Party Primary Challenger Says John Boehner Has "Electile Dysfunction"'
04/15/2014 03:19 PM
coronado receives 100 Points for News Submission of 'Man Who Harrassed Neighbors Ordered to Hold "I Am a Bully" Sign'
04/15/2014 02:50 PM
coronado receives 100 Points for News Submission of 'Man Jailed for Being Too Loud During Sex Says He CanĀ“t Help Being "Too Good"'
04/15/2014 02:27 PM
coronado receives 100 Points for News Submission of 'Police Officer Delivers Own Baby in Squad Car'
04/15/2014 02:10 PM
coronado receives 100 Points for News Submission of 'Woman Walks Man on a Leash'
04/15/2014 01:49 PM
coronado receives 100 Points for News Submission of 'Small Plane Makes Emergency Landing on Golf Course'
04/15/2014 01:29 PM
coronado receives 100 Points for News Submission of 'US Airways Apologizes for Accidental Pornographic Tweet'
04/15/2014 01:10 PM
coronado receives 100 Points for News Submission of 'Prize-Winning Dog Stolen'
  6.220 Visits   23 Assessments  Show users who Rated this:
Quality:Very Good
Back to Overview  
03/04/2002 03:03 PM ID: 18398 Permalink   

Simple HTML Can Hack Your Windows

 

Hackers can run anything on your Windows with command written in HTML, an Israeli security researcher said. The trick works on Internet Explorer and Outlook even if active scripting and ActiveX are disabled. A demonstration script is available.

It starts the calculator out of an HTML file. MS said they will patch the hole, but a workaround proposed by Axel Pettinger and Garland Hopkins is apparently working. The registry patch is also available on the source.

Although the workaround will cause IE to launch a security warning that can not be turned off.

 
  Source: www.theregister.co.uk  
    WebReporter: the at Show Calling Card      
  Recommendation:  
ASSESS this news: BLOCK this news. Reason:
   
  10 Comments
  
  As usual...  
 
Nice.

Our friends at microsoft have again overextended themselves by trying to pack too much, too easily, into their soft...
 
  by: brucehum     03/04/2002 04:15 PM     
  Thats disturbing!  
 
That actually works! Why am I not surprised. Heads are gonna roll at M$ after this one...
 
  by: stclairwill2   03/05/2002 01:48 AM     
  M$ always has security holes. What do you expect?  
 
Heads are not going to roll at Microsoft. There is a patch every week on the website for windows or IE or both. IE is about as open as an old whore, and outlook will only ever open email.

You never se security holes like this reported in the Netscape or Opera suite of products for tyhe internet, do you?

Yet the sheeples continue to blindly, stupidly continue using IE. So what if it can display pretty colours and scrolling text. Is it really worth having your system corrupted just for looks? (don't answer if you had plastic surgery that was not a medical need)

Get netscape. It does everything IE and outlook and frontpage do, for all intents and purposes. Or if you want to avoid AOhell, get Opera. Need the links?

(and yes, I meant to insult the intellgence of those still using IE. Why do you do it? You know you are going to get corrupted. Don't you??)
 
  by: palehorse   03/05/2002 06:40 AM     
  why does everyone slam down microsoft?!?  
 
ok, in this instance, I can't believe someone asshole hasn't used the format command yet...this is a really bad flaw...

but why do people always blame microsoft? It's not that easy for a group of people to make something that the other large group of people (the whole friggin rest of the world) cant find a flaw in!
 
  by: Greg386   03/05/2002 07:22 AM     
  Tiny Trojan Trap stops it  
 
The piece of software Tiny Trojan Trap 3 stops this flaw... it detects the registry acces and stops it.
The program is not freeware, but, it has 28 days of trial, plenty enough until we get a patch?

And yes, I do use Netscape, and have received 4 emails this week with a stupid virus that if I had outlook would have infected me. When will virus makers stop discriminating people? ;-)
 
  by: brucehum     03/05/2002 12:05 PM     
  pff that is not hacking  
 
anyone can launch a file
 
  by: Clark_Kent   03/05/2002 12:35 PM     
  Nice  
 
It works.
I wrote a tiny C++ exe and put it on my server.
I changed the sample script to predownload the exe and then run the script.
I wheeled on back to a default install machine and typed in the http address of the script.
Without even a warning my exe formated the 3 1/5 drive.
 
  by: rw   03/06/2002 05:27 AM     
  Gee whiz...  
 
Doesn't anyone remember the "file:" protocol? Both Netscape and IE support this. They can both do the same thing.
 
  by: foachon   03/06/2002 07:29 AM     
  Yeah, and ?  
 
Doesnt do a thing on my machine running XP Pro.
 
  by: AmazingRando   03/07/2002 09:43 AM     
  next you will be able to hack windows by breathing  
 
next you will be able to hack windows by breathing
 
  by: viper101   03/08/2002 09:19 PM     
 
 
Copyright ©2014 ShortNews GmbH & Co. KG, Contact: info@shortnews.com