The flaw in Windows 8 allows you to track every installed user program
Exploitation of the vulnerability carries a double threat: Microsoft will keep track of every downloaded program and attackers can compromise the database user IP-addresses.
According to the student and software developer Nadim Kobeissi, operating system Windows 8 contains a vulnerability that allows Microsoft's track each set by the user program.
Kobeissi, who became famous after a chat Safety Cryptocat, noted that there is a gap in the function of SmartScreen, which is equipped with the new operating system. According to experts, every time a user installs a new program or an application, the operating system sends information about the installed product in Microsoft. This information is sufficient to ensure that employees have identified the application, and to compare the data obtained with the IP-address of the user and to generate statistics about who and what applications install. In addition, Kobeissi noted that the server to which to send information using secure protocol SSLv2.
Recall that the SmartScreen service was first installed in Internet Explorer 8 as an additional mechanism to filter phishing. When using SmartScreen Internet browser from Microsoft sends URL-address of each page in a company where a special service check addresses for malicious activity. In case of threat, Internet Explorer displays a warning and hampers access to web-resource.
In the new operating system Windows 8 SmartScreen feature expanded. The program not only scans the URL-address pages visited by the user, but also scans all downloaded files with a web browser.
Recommended Reading: SmartScreen sends to Microsoft information about each application
No comments:
Post a Comment