[forbes] 18-Year-Old Security Flaw.. steal credentials from Windows

cabri

From the article, it seems as if a legitimate request for an update gets intercepted and redirected to a bogus server.

Can someone explain how the intercept happens if the original request was going to a legit update server?
How does the man-in-the-middle generate the detour?
 

Fardringle

"Imagine if a person was in a coffee shop browsing the internet on a Windows laptop using free, unsecured wifi, explains Cylance senior researcher Brian Wallace, who discovered the vulnerability. If an attacker was able to gain access to the device through a man-in-the-middle attack, the attacker could use the vulnerability to get user credentials for a number of vulnerable apps."

In other words, the attacker would implement the hack on a compromised network and from there gain the credentials of people connecting to that network.
 

cabri

"Imagine if a person was in a coffee shop browsing the internet on a Windows laptop using free, unsecured wifi, explains Cylance senior researcher Brian Wallace, who discovered the vulnerability. If an attacker was able to gain access to the device through a man-in-the-middle attack, the attacker could use the vulnerability to get user credentials for a number of vulnerable apps."

In other words, the attacker would implement the hack on a compromised network and from there gain the credentials of people connecting to that network.

Domino theory then - thanks for clarification
 

Dude111

This is only possible, I believe, if you have a network setup. Otherwise you will get 'NETWORK NOT ACCESSIBLE' alerts.