
yahoo mail keeps getting hacked - Page 7

post #61 of 64
Quote:
Originally Posted by Spooony View Post
Not posting zero day hacks. Those are reported vulnerabilities: that's it. It's not about Linux. It's about UAC and Windows. Again UAC and Windows. It doesn't take a zero day hack to rip your cookie info btw. The server asks for it and your browser provides it. Nothing special. In that cookie is your email password and username in plain text. You don't need elevated privileges or anything. But saying UAC enabled on Windows is unneeded and then go declare you're running Linux is like telling someone a safety belt is useless because you ride a bicycle and you don't need it.
My bad, 0day vulnerabilities. They would turn into 0day hacks (if the person reporting was malicious) and would still be useless.

I'm on Windows right now, with UAC disabled. Oh my, I do use Windows, how weird. My Windows 8 partition also has UAC disabled. Why? Because I haven't used UAC since it came out, which got instantly disabled. This was back when we had the Longhorn fiasco.

Since I've never used it and only ever contracted 2 viruses I'm going to say it is worthless. One of the infections was WinXP, no UAC. The other was Vista? It only infected the 32bit WOW layer so it really wasn't anything dubious. Outside of those two I've never had an infection, been using since W98 and don't ever run AV. How peculiar, that shouldn't be possible, should it? =)
post #62 of 64
Quote:
Originally Posted by mushroomboy View Post
My bad, 0day vulnerabilities. They would turn into 0day hacks (if the person reporting was malicious) and would still be useless.

I'm on Windows right now, with UAC disabled. Oh my, I do use Windows, how weird. My Windows 8 partition also has UAC disabled. Why? Because I haven't used UAC since it came out, which got instantly disabled. This was back when we had the Longhorn fiasco.

Since I've never used it and only ever contracted 2 viruses I'm going to say it is worthless. One of the infections was WinXP, no UAC. The other was Vista? It only infected the 32bit WOW layer so it really wasn't anything dubious. Outside of those two I've never had an infection, been using since W98 and don't ever run AV. How peculiar, that shouldn't be possible, should it? =)
Why yes, your dubious circumstantial evidence is clearly absolute proof.
post #63 of 64
Quote:
Originally Posted by mushroomboy View Post
My bad, 0day vulnerabilities. They would turn into 0day hacks (if the person reporting was malicious) and would still be useless.

I'm on Windows right now, with UAC disabled. Oh my, I do use Windows, how weird. My Windows 8 partition also has UAC disabled. Why? Because I haven't used UAC since it came out, which got instantly disabled. This was back when we had the Longhorn fiasco.

Since I've never used it and only ever contracted 2 viruses I'm going to say it is worthless. One of the infections was WinXP, no UAC. The other was Vista? It only infected the 32bit WOW layer so it really wasn't anything dubious. Outside of those two I've never had an infection, been using since W98 and don't ever run AV. How peculiar, that shouldn't be possible, should it? =)
Never had one you know about. You don't need a zero day to infect someone. Most people run free AVs or the runtime packer option is off by default. OK, I already exploited a way to get past your antivirus. I would've needed a vulnerability in Windows to get past UAC to elevate its privileges and to create a service as well as start when Windows starts. But since UAC is turned off I already got those privileges, hell, I can turn off your AV as well coz I got the same privileges as it. UAC off, no kernel protection, so I can install drivers and services without worry.
post #64 of 64
Quote:
Originally Posted by Spooony View Post
Never had one you know about. You don't need a zero day to infect someone. Most people run free AVs or the runtime packer option is off by default. OK, I already exploited a way to get past your antivirus. I would've needed a vulnerability in Windows to get past UAC to elevate its privileges and to create a service as well as start when Windows starts. But since UAC is turned off I already got those privileges, hell, I can turn off your AV as well coz I got the same privileges as it. UAC off, no kernel protection, so I can install drivers and services without worry.
All I heard is BLA BLA BLA BLA, because without an actual detail of your exploit you're just talking crap that you "can do". You read on possible exploits as if they are real in every system, it's very annoying. So if I browse in 32bit, running a 64bit kernel (because I want my dang Silverlight), how do you get past any of that to my main system? You can't, you know you can't, and you are avoiding the topic.

[edit, was lazy so I did a simple google search and it proved good]


http://blogs.msdn.com/b/gauravseth/a...24/582091.aspx
Code:
While as the name implies, native 64-bit takes advantage of the native 64-bit computing platform, 
Windows-On-Windows environment, WoW, WOW64 etc. are all names that refer to an x86 
emulator that allows 32-bit Windows-based applications to run on 64-bit Windows. Wow64 
allows 32-bit productivity applications developed using the .NET Framework 1.0, 1.1 and 2.0 and 
Win32 to run on 64-bit Windows and take advantage of the 64-bit Windows kernel which offers a 
larger number of kernel handles and window handles. WoW64 supports 32-bit console, GUI and 
service application, and although some 32-bit server applications may be certified to run on 
WoW64, WoW64 is NOT intended for 32-bit server apps. WoW64 does NOT support 16-bit Windows 
apps.
The only code that interfaces with the services and drivers is 64bit code. You would have to be able to either compile a 32bit program to be able to interface with the 64bit kernel (extremely unlikely) or know two exploits that allow you to download/run 64bit code. [edit] I guess you could have 64bit code be able to call 32bit functions that might have exploits but I believe MS decided not to do that. They separated the 64bit apps from the 32bit apps due to the known exploits.

[edit2: extended thoughts because I'm a stoner]
When they get Silverlight updated to 64bit (soon) I would then consider running at least MSE on my main rig. Just a simple, SIMPLE, driver level AV would stop just about everything. At least stop all the kiddie coders who do most viruses/rootkits. The current 64bit virus (that isn't for the portable editions) has to be made in assembly. That's a pain in the arse to code and the only way (I'm guessing) they got around driver signing. It also only works on Intel platforms, so you would have to have the same extensive knowledge about AMD and then re-write it in assembly.

[rootkit 64]
http://www.theregister.co.uk/2010/11...4_bit_windows/

Unfortunately they don't list how you get the rootkit installed. So you still need to gain root privileges outside of WOW.

http://www.malwarecity.com/news/new-...acos-1088.html
I believe you have to run in "testing" physically, which is a NO NO unless you have something you NEED to test.

http://www.zdnet.com/blog/security/h...n-pwn2own/5855
Proof it can be done, doesn't detail what version of the browser. It also has (probably) been patched by now, though proof that 0days are still massively strong.

http://www.ubergizmo.com/2010/05/mic...lay-component/
Patched, but will work without UAC.

In fact, I believe all of these bypass UAC, because none of the articles ever say that having UAC on keeps you safe. Wonder why that is? I retract the driver signing, because they did some really neat things. I also believe "bcdedit.exe -set TESTSIGNING ON" doesn't work if you are already running the kernel. You could patch the loader, as the other exploit does, though you still need to figure out how to get root privileges. I could see the 64bit browser being exploited, and as I've said (don't know how many times) that you should take advantage of WOW.

http://www.informationweek.com/news/...ties/229402086

That's crazy good.

I'm sure you can get root privileges out of WOW somehow, the coding and complexity isn't for a standard programmer. As the above article states you need experience in the x64 field. The more complex these exploits need to be the less of them we see as people don't want to learn all the ins and outs. I like statistical safety, the chances of me getting infected are so huge that I'm willing to roll the dice on this. It's like skydiving, yeah you can die but look at how many people do it.

[last point I swear] If you're dealing with a programmer that has the skill to make these exploits they will probably tell you UAC is useless. Because they will get around it very easily, it isn't as simple as the XP days were. Things are much harder to get around, you have to find exploits at a lower level in the kernel and therefore bypassing much more than UAC. If the programmer is this good you're screwed no matter what you are running. That's why I say 0day exploits are moot, even AV doesn't have that patched.

[edit I lied]
http://www.zdnet.co.uk/news/desktop-...sers-39384068/

It also helps users be more AWARE. In truth if you know what's going on and what you are installing/running then it shouldn't be a problem to have off. It is dumb security and originally was meant to be annoying.

http://4sysops.com/archives/the-myth...and-windows-7/

Good read, as you can change user settings without a prompt and then change system settings/files. WOO WOO GOOD OL UAC

http://www.coresec.org/2011/02/22/wi...alation-0-day/

These exploits don't even rely on malicious code at kernel level. Not to mention if you artificially create a task (can be done) that is running as the "system" user UAC is automatically bypassed. It doesn't have that type of privileges, ever. I'm a Linux advocate and I know this, because I don't use Windows.
Edited by mushroomboy - 6/29/11 at 12:32pm
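
Added example (not part of any post in this thread): a read-only PowerShell check of the settings the posters argue about, namely whether UAC is on, whether admins are elevated without a prompt, whether the current session is elevated, whether test signing is enabled, and whether the process is 32-bit under WOW64. The function name Get-UacPosture and the wording of the findings are this example's own; the bcdedit match assumes English-language output.

```powershell
# Added example: audits UAC, test-signing and WOW64 state. Changes nothing on the system.
function Get-UacPosture {
    # Standard UAC policy values live under this key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Is the token this shell runs with a full administrator token?
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # bcdedit only answers from an elevated prompt; otherwise report "unknown".
    $testSigning = 'unknown (run elevated)'
    if ($elevated) {
        $bcd = & bcdedit.exe /enum '{current}' 2>$null
        $testSigning = [bool]($bcd | Select-String -Pattern '^testsigning\s+Yes' -Quiet)
    }

    # 32-bit process on a 64-bit OS means the process runs under WOW64.
    $wow64 = [Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess

    $findings = @()
    if ($p.EnableLUA -eq 0) {
        $findings += 'UAC is disabled: admin logons get a full token, so no elevation step exists.'
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Admins are elevated without any prompt.'
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'Elevation prompts are not shown on the secure desktop.'
    }
    if ($testSigning -eq $true) {
        $findings += 'Test signing is ON: test-signed kernel drivers will load.'
    }

    # Raw values are returned as read; a missing value stays $null rather than being guessed.
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        SessionElevated            = $elevated
        TestSigning                = $testSigning
        RunningUnderWow64          = $wow64
        Findings                   = $findings
    }
}

Get-UacPosture | Format-List
```

Run it once from a normal prompt and once from an elevated one; an empty Findings list in the elevated run means UAC prompting and driver signature enforcement are in the state Windows expects.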