Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unencrypted Windows Crash Reports a Blueprint For Attackers

Posted by timothy on from the distributed-fuzzing-attack dept.

An anonymous reader writes "According to Forbes online, up to 1 billion PCs are at risk of leaking information that could be used as a blueprint for attackers to compromise a network from Microsoft Windows Error Reporting (WER) crash reports that are sent in the clear. Researchers at Websense Labs released a detailed overview of the data contained in the crash reports, shortly after Der Spiegel released documents alleging that nation-state hackers may have used this information to execute highly targeted attacks with a low risk of detection, by crafting attacks specifically for vulnerable applications that are running on the network. Also interesting to think that Microsoft knows exactly what model of phones that you have plugged into your PC..."

1 of 103 comments (clear)

  1. Re:Not everything is about software security. by recoiledsnake · · Score: 5, Informative

    If you're really concerned about security on your individual systems, DONT USE WINDOWS. There, fixed it for ya.

    Ubuntu does the same, if not worse.
    https://launchpad.net/apport

    pport intercepts Program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form. It also offers the user to report a bug about a package, with again collecting as much information about it as possible.

    It currently supports

      - Crashes from standard signals (SIGSEGV, SIGILL, etc.) through the kernel coredump handler (in piping mode)
        - Unhandled Python exceptions
        - GTK, KDE, and command line user interfaces
        - Packages can ship hooks for collecting speficic data (such as /var/log/Xorg.0.log for X.org, or modified gconf settings for GNOME programs)
        - apt/dpkg and rpm backend (in production use in Ubuntu and OpenSUSE)
        - Reprocessing a core dump and debug symbols for post-mortem (and preferably server-side) generation of fully symbolic stack traces (apport-retrace)
        - Reporting bugs to Launchpad (more backends can be easily added)

    If you're really concerned about WER on Windows, just say no when it asks you to send crash reports.

    --
    This space for rent.