Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others (softpedia.com)

Posted by samzenpus on from the not-a-feature dept.

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

1 of 34 comments (clear)

  1. Re:FRESH BRAND NEW CURRENT NEWS by Anonymous Coward · · Score: 0, Troll

    Subject: Please, it is getting old...

    Oy vey benjy it's CURRENT. It is absolutely brand new and right now... and according to Microsoft it is perpetual. This is the "Last Windows". And it is intentional. Trying to sweep lies under the rug makes you look like full shill.

    If no Microsoft then no Kaspersky. They feed on this weak operating system to survive. It is not an "attack" if it blocks your Windows Updates, it is a gift.

    This story is shill. Read these while benjy does bagels.

    http://arstechnica.com/information-technology/2015/08/microsoft-has-no-plans-to-tell-us-whats-in-windows-patches/
    http://arstechnica.com/information-technology/2015/09/leaks-show-that-microsoft-writes-release-notes-so-why-cant-it-publish-them/

    https://www.gnu.org/proprietary/malware-microsoft.html
    http://www.computerworlduk.com/blogs/open-enterprise/how-can-any-company-ever-trust-microsoft-again-3569376/
    http://www.networkworld.com/article/2956574/microsoft-subnet/windows-10-privacy-spyware-settings-user-agreement.html

    http://www.technobuffalo.com/2013/08/22/nsa-windows-8-exploit/
    http://www.technobuffalo.com/2013/07/11/microsoft-gave-the-nsa-direct-backdoor-access-to-outlook-skype/
    http://winsupersite.com/windows-10/how-stop-windows-10-upgrade-downloading-your-system
    http://www.extremetech.com/computing/195592-with-windows-10-microsoft-could-move-to-a-subscription-based-model
    http://www.extremetech.com/computing/205320-microsoft-windows-10-will-be-the-last-version-of-windows
    https://www.youtube.com/watch?v=5GU5uv28a3I
    http://techrights.org/2015/07/31/vista-10-anticompetitive/
    https://www.youtube.com/watch?v=wwRYyWn7BEo
    https://www.youtube.com/watch?v=Gghj03J_ri0
    http://localghost.org/posts/a-traffic-analysis-of-windows-10
    http://www.ghacks.net/2015/08/28/microsoft-intensifies-data-collection-on-windows-7-and-8-systems/

    THESE
    https://gitlab.com/windowslies/blockwindows
    ^(have to uncomment the #'s on two url's in the hosts file per latest change)
    https://senk9.wordpress.com/checklists/windows-10-privacy-checklist/

    The YouTube video above that is gone now, was gone within days. It was a guy here on Slashdot who wiresharked (packet sniffed) all the data Microsoft was collecting with Windows 10 and filmed it and posted it on YouTube. It was removed. Gee, wonder why? The gitlab link above... you should use the hosts file if you use Windows at all... put it where you goes... but note: uncomment the two URL's with the "#'s". Those mysteriously appeared recently. It's highly likely that if you rely on that hosts file while the update url's are commented out, you get snuck some code. The URL's were only commented out with #'s in the most recent update.

    This bullshit is an unprecedented global backstab in the history of Earth. You should be using Linux. If you are using Mac it's just a matter of time, enjoy your walled garden. distrowatch.com

    "Customer Experience Improvement Program" (CEIP) derp.

    It's a monolithic crashware OS put out by a company that weaseled billions in cash by every deceitful business practice you can think of. They make gypsies look like amateurs. Oh, can't blame Bill right? He's just out doing philanthropy and working on toilets in Africa. gmab

    Linux does every single thing better... and more of it. And you can use it when you want how you want and as many times as you want... do any and everything you want. Way more Internet stuff, way more multimedia stuff, Office stuff that works great and you don't have to pay an annual subscription, way more everything. Print out Microsoft's "license" and "privacy agreement" and burn them, or just save paper.