All Windows 10 users, beware!!!

[Ringel05]

20 year old (unfixed) flaw will let hackers steal your usernames and passwords IF you are using Internet Explorer/Edge

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

The flaw is widely known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet

To help protect yourself:

1. Open Control Panel
2. Open Internet Properties
3. Select Advanced tab
4. Untick "Integrated Windows Authentication"
5. Click Apply.
http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/

Reboot.

 

[Dale Smith]

20 year old (unfixed) flaw will let hackers steal your usernames and passwords IF you are using Internet Explorer/Edge

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

The flaw is widely known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet

To help protect yourself:


1. Open Control Panel
2. Open Internet Properties
3. Select Advanced tab
4. Untick "Integrated Windows Authentication"
5. Click Apply.

Reboot.

Since Windows 10 was offered for free, I figured that it was bullshit. I'm glad that I didn't take Microsoft up on their generous offer. (snicker)

 

[Dekster]

Fortunately the only thing I ever use Explorer for is to download another browser. My Win10 computer came with firefox pre-installed which was a first for that so I assume it was done by the manufacturer and not part of the standard MS package.

 

[DarkFury]

I'm using W-10 on my new tablet but Chrome is my search engine.

 

[Dekster]

I'm using W-10 on my new tablet but Chrome is my search engine.

Chrome is not as user friendly as some of the other browsers.....at least it wasn't when it came out. I haven't tried it since, and while this is true of any software in reality, I feel like anything Google just sends your info straight into the NSA database.

 

[DarkFury]

I'm using W-10 on my new tablet but Chrome is my search engine.

Chrome is not as user friendly as some of the other browsers.....at least it wasn't when it came out. I haven't tried it since, and while this is true of any software in reality, I feel like anything Google just sends your info straight into the NSA database.

My tablet is strictly for video. It does fine with that.

 

[yiostheoy]

20 year old (unfixed) flaw will let hackers steal your usernames and passwords IF you are using Internet Explorer/Edge

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

The flaw is widely known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet

To help protect yourself:

1. Open Control Panel
2. Open Internet Properties
3. Select Advanced tab
4. Untick "Integrated Windows Authentication"
5. Click Apply.

Reboot.

So what does this do?

What is the downside? What will not work afterwards?

How does this stop the hack?

 

[Ringel05]

20 year old (unfixed) flaw will let hackers steal your usernames and passwords IF you are using Internet Explorer/Edge

A previously disclosed flaw in Windows can allow an attacker to steal usernames and passwords of any signed-in user -- simply by tricking a user into visiting a malicious website.

But now a new proof-of-exploit shows just how easy it is to steal someone's credentials.

The flaw is widely known, and it's said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.

The flaw wasn't considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts -- which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.

Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.

Microsoft won't fix Windows flaw that lets hackers steal your username and password | ZDNet

To help protect yourself:

1. Open Control Panel
2. Open Internet Properties
3. Select Advanced tab
4. Untick "Integrated Windows Authentication"
5. Click Apply.

Reboot.

So what does this do?

What is the downside? What will not work afterwards?

How does this stop the hack?

It allows you to automatically access any and all M$ accounts (XBox, Mail, Cloud, etc) you might have with a single login when you log into your Win 8 or Win 10 computer using the Microsoft mail account login at bootup, disabling it means you would have to log into each one individually. That means it doesn't specifically stop the hack it just limits the damage it can do.
You can also help protect yourself by not using IE/Edge and by logging in (at bootup) with a local account that does not connect you to your Microsoft mail account (thereby every M$ account you might have).

 

[waltky]

Watch out for the virtual assistant in Win10...

Cortana: The spy in Windows 10
Aug 15, 2016 - Cortana, Windows 10’s built-in virtual assistant, is both really cool and really creepy

When I first saw Mr. Spock talking to the Enterprise’s computer, I thought it was so cool. I still do. But the more I look at Cortana, Windows 10’s inherent virtual assistant, the more creeped out I get. Let’s start with Cortana’s fundamental lust for your data. When it’s working as your virtual assistant it’s collecting your every keystroke and spoken syllable. It does this so it can be more helpful to you. If you don’t like that, well, you’ve got more problems than just Cortana. Google Now and Apple Siri do the same things. And it’s not just virtual assistants; every cloud-based software as a service (SaaS) does this to one degree or another — Google Docs, Office 365, whatever. But Cortana doesn’t stop there. With the recently released Windows 10 Anniversary Update, hereafter Windows 10 SP1, you can’t shut Cortana off.

Maybe you don’t mind Microsoft listening to your every word so it can catch when you say, “Hey, Cortana.” I do. Yes, I want the coolness factor of being able to talk to my computer. But I want the reassurance that it’s not listening when I don’t need it to be. I want a simple on/off switch. Windows 10 SP1 doesn’t have one. This is interesting, though: Windows 10 Education does. Microsoft apparently is willing to respect the privacy of students. The rest of us? Not so much. What you can do in Windows 10 SP1 is cripple Cortana when you install the operating system. But Cortana then becomes no more than a front end to Microsoft’s Bing search engine. You lose the ability to talk to your computer. You’ll no longer be able to tell Windows 10 to get you an Uber or tell you how the Chicago Cubs did today.

If you’re anti-Cortana, don’t install Windows 10 SP1 with “Express settings.” Instead, follow the steps described by Jared Newman in PC World. You will make Windows 10 less useful but a lot more private. If you’re not comfortable with Cortana collecting your contacts, location, calendar data, and text and email content and communication history, you’ll want to do this. Don’t, though, if you want the full Cortana experience and you don’t mind Microsoft collecting everything except your car keys. And maybe you don’t. Many of us are reconciled to the mantra of the internet economy: “If you’re not paying for it, you are the product.” Companies such as Facebook and Google give all their free social and search goodies in return for our web history, which they then transform into cash with targeted advertising. And as for Microsoft, it makes a point of saying Cortana doesn’t do that. Why do I not feel reassured?

Now that I think of it, though, you can’t (easily) get Windows 10 for free anymore. So you get to pay Microsoft with both cash ($199.99 for Windows 10 Pro) and your data. Oh boy! Microsoft also claims that Windows 10 SP1 is safer than ever, which I find even less assuring than the promise not to exploit all that Cortana data. Think about this: You can use Cortana from the lock screen. That’s right; Cortana is active and listening to when your PC is locked. Well, it’s supposed to be locked, but if it’s able to listen, how locked down is it, really? Not very! Microsoft calls this a feature that gives you the ability to ask your PC simple questions without logging in. But I call anything that lets me input data into a PC without being logged into it a bug. It’s a security hole begging to be exploited. Windows, which God knows has had more than enough security problems, now has a new attack surface. Fortunately, you can fix this one easily. Just open Cortana’s Settings and turn off the “Use Cortana even when my device is locked.”

MORE

 

[namvet]

I have 7 and im sticking with it. went up to best buy had em tick on the 10 desktop. forget it they can keep it

 

[iamwhatiseem]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

 

[Ringel05]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

Task Manager, Processes,
right click on Cortana,
Open file location,
rename folder (add .bak at the end)
Click on save.

It will tell you the file is in use and give you the option to try again

Having left File Manager open, right click on Cortana, end task then very quickly click on try again in the renaming pop up and watch Cortana disappear from Task Manager.
If you're using Classic Shell or Startisback you should still have the search feature function in Windows Explorer.
Granted M$ will most likely reinstall Cortana with the next major update and we'll get rid of it again.

 

[iamwhatiseem]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

Task Manager, Processes,
right click on Cortana,
Open file location,
rename folder (add .bak at the end)
Click on save.

It will tell you the file is in use and give you the option to try again

Having left File Manager open, right click on Cortana, end task then very quickly click on try again in the renaming pop up and watch Cortana disappear from Task Manager.
If you're using Classic Shell or Startisback you should still have the search feature function in Windows Explorer.
Granted M$ will most likely reinstall Cortana with the next major update and we'll get rid of it again.

The eventuality is M$ "hard coding" Cortona...example could be elevating/eliminating access to the process...sure to come soon. M$ is clearly not going to give up on the plan to turn the OS into a data mining revenue machine.

 

[Ringel05]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

Task Manager, Processes,
right click on Cortana,
Open file location,
rename folder (add .bak at the end)
Click on save.

It will tell you the file is in use and give you the option to try again

Having left File Manager open, right click on Cortana, end task then very quickly click on try again in the renaming pop up and watch Cortana disappear from Task Manager.
If you're using Classic Shell or Startisback you should still have the search feature function in Windows Explorer.
Granted M$ will most likely reinstall Cortana with the next major update and we'll get rid of it again.

The eventuality is M$ "hard coding" Cortona...example could be elevating/eliminating access to the process...sure to come soon. M$ is clearly not going to give up on the plan to turn the OS into a data mining revenue machine.

Of course they're not, it's the "future".........

 

[iamwhatiseem]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

Task Manager, Processes,
right click on Cortana,
Open file location,
rename folder (add .bak at the end)
Click on save.

It will tell you the file is in use and give you the option to try again

Having left File Manager open, right click on Cortana, end task then very quickly click on try again in the renaming pop up and watch Cortana disappear from Task Manager.
If you're using Classic Shell or Startisback you should still have the search feature function in Windows Explorer.
Granted M$ will most likely reinstall Cortana with the next major update and we'll get rid of it again.

The eventuality is M$ "hard coding" Cortona...example could be elevating/eliminating access to the process...sure to come soon. M$ is clearly not going to give up on the plan to turn the OS into a data mining revenue machine.

Of course they're not, it's the "future".........

That is a great gif! lol

 

[Ringel05]

Ringel05
Upon last update - I noticed Cortana is back. Even though I have it disabled, even though I installed the script that blocks Win-spying.
Microsoft hasn't fixed an ancient well known hack - but they did take the time to rewrite code to work around the anti-WinSpy script.

Task Manager, Processes,
right click on Cortana,
Open file location,
rename folder (add .bak at the end)
Click on save.

It will tell you the file is in use and give you the option to try again

Having left File Manager open, right click on Cortana, end task then very quickly click on try again in the renaming pop up and watch Cortana disappear from Task Manager.
If you're using Classic Shell or Startisback you should still have the search feature function in Windows Explorer.
Granted M$ will most likely reinstall Cortana with the next major update and we'll get rid of it again.

The eventuality is M$ "hard coding" Cortona...example could be elevating/eliminating access to the process...sure to come soon. M$ is clearly not going to give up on the plan to turn the OS into a data mining revenue machine.

Of course they're not, it's the "future".........

That is a great gif! lol

It's from the B movie They Live. Of course many of the signs were changed for the gif.

 

[Stasha_Sz]

thanks Ringel

 

[WheelieAddict]

Hahaha....not many ways to avoid Microsoft. I'm still on 7 on one setup and was Linux on my old core2duo that recently bit the dust after years being overclocked. I'm about to build an all in one gaming/htpc. Just no way I can avoid Windows 10.