| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
MS silently fixes password sniffing bug with XP SP1 | |
|
||
| Time: 18:01 EST/23:01 GMT | News Source: The Register | Posted By: Byron Hinson | ||
|
Keystrokes, including passwords, can be sniffed when using Windows Terminal Server or the XP remote control feature. MS has rolled a fix silently into SP1 without making any public statement on this serious problem. The cause of the keystroke -sniffing feature is a design mistake in Microsoft's Remote Desktop Protocol (RDP) which leaks information about the contents of encrypted packets through their checksums. This is because packets with the same plaintext have matching checksums throughout a particular session. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 149 Last | Next |
The time now is
5:09:18 PM
ET.
Any comment problems? E-mail us |
| #1 By 1658 (128.255.195.64) at 9/18/2002 8:55:36 PM |
|
Funny...
A straight bit file comparison on SP1 from the day of launch and the one I just D/Led from their site shows no differences whatsoever... Anyone know if this report is true? It is the Register after all... and I'll probably get lambasted for this but it doesn't sound like Microsoft to me to not say ANYTHING. I could see keeping it quieter than usual but nothing??? Doubtful. |
| #2 By 2332 (65.221.182.3) at 9/18/2002 11:07:57 PM |
|
Ironically, if nobody knew about it, and Microsoft patched it, then the chance of anybody being vulnerable to attack was almost nothing.
Isn't that the way it's supposed to be? |
| #3 By 2332 (65.221.182.3) at 9/18/2002 11:18:05 PM |
| After a bit more inspection, it turns out Microsoft didn't sneak the fix into SP1, they simply added it to Windows Update. |
| #4 By 1845 (12.254.162.111) at 9/18/2002 11:19:27 PM |
|
#1, I didn't see that the article implied Microsoft has changed SP1 from its original release. I understood that they included a fix but never announced the vulnerability.
#2 I both agree and disagree, RMD. Sometimes knowing that there is a problem gives incentive to fix it. If people don't know there is an issue, they might not go to the trouble of getting SP1. Even if a few people know about the issue, then all the unpatched machines are vulnerable. |
| #5 By 1658 (128.255.195.64) at 9/18/2002 11:24:25 PM |
|
Well I just got an email with the information on the vulnerability and the address is:
http://www.microsoft.com/technet/security/bulletin/MS02-051.asp And #4... the statement "MS has rolled a fix silently into SP1" is what made me believe they had insinuated a change to the original release. :) So as suspected, they DID notify people. Happy downloading. This post was edited by aamendala on Wednesday, September 18, 2002 at 23:24. |
| #6 By 1845 (12.254.162.111) at 9/18/2002 11:45:26 PM |
| Very curious. Unfortunately the patch doesn't seem to be available, despite the fact that it claims to be. When I click the XP link, I'm told the file is unavailable. : - ( |
| #7 By 2332 (65.221.182.3) at 9/18/2002 11:47:23 PM |
| I just installed it off Windows Update. Strange... |
| #8 By 1845 (12.254.162.111) at 9/18/2002 11:49:21 PM |
| It doesn't appear there for me. Hmm. I did get a new one for a Microsoft VM fix though. |
| #9 By 1845 (12.254.162.111) at 9/19/2002 3:46:01 AM |
| It's a preSP1 fix. I was finally able to download it and was informed that I was already up to date via the installed service pack. |
| #10 By 2960 (156.80.64.132) at 9/19/2002 8:16:06 AM |
|
Bobsmith,
I just downloaded all of them. No issues... TL |
|
Write Comment
Return to News |
Displaying 1 through 25 of 149 Last | Next |
The time now is
5:09:18 PM
ET.
Any comment problems? E-mail us |
