Originally posted by tmetzlerYes it is a live exploit. I've seen it implemented via an embedded swf file on a webpage. Apparently whoever wrote the exploit has kept it from becoming common knowledge how it works by encrypting the swf so the hole can't be patched easily.
It there is an exploit that XNZ has "heard" about, then it seems to me that he should be able to provide some reference to it.
"The ones you should worry about are the ones that are not yet common knowledge."
Oh, so we are talking about theoretical or REAL exploits? I'm pretty sure XNZ was referring to an actual LIVE exploit. Oh no, the boogie-man-exploit is gonna get me.
Therefore it hasn't become common on the web yet (as only a handful it seems know how to exploit it) but something to keep an eye on.
Originally posted by XanthosNZIn what actual way could this exploit become a serious problem? Could you give an example as what could be gained and for what purpose in your opinion? Maybe I am asking a dumb question. Is it?
Yes it is a live exploit. I've seen it implemented via an embedded swf file on a webpage. Apparently whoever wrote the exploit has kept it from becoming common knowledge how it works by encrypting the swf so the hole can't be patched easily.
Therefore it hasn't become common on the web yet (as only a handful it seems know how to exploit it) but something to keep an eye on.
Originally posted by cashthetrashThink of things you've had in your clipboard at some point. Passwords? Bank numbers? Email Addresses? Your Entire Unpublished Novel?
In what actual way could this exploit become a serious problem? Could you give an example as what could be gained and for what purpose in your opinion? Maybe I am asking a dumb question. Is it?
Anything you wouldn't want to give to a unscrupulous person?
Originally posted by tmetzlerNow that's just plain stupid. Excuse me for saying this, but yes: from your perspective (being an apparent computer illiterate) the boogie-man-exploit is going to get you - sooner or later.
Oh no, the boogie-man-exploit is gonna get me.
The point is, if the exploit is out in the open (everyone knows about it and it's easily fixed through windows update) it's not really gonna harm your computer, now is it? That is, if you care to update your systems every once in a while. The exploits you need to worry about are the ones that are not yet common knowledge. Of course, there's absolutely nothing you can do about them accept using software with a better trackrecord. If you still think (after a decade of mishaps) that MS technology falls under the categories stable and secure, I guess you sort of deserve the boogie-man-exploit. 😀
To provide links to exploits discovered in the past is to show the credibility of that specific software. There are exploits discovered in firefox and all the other browsers as well. But they're not nearly as many and are usually fixed really, really fast. You can keep using MS technology for all I care, but don't deny the facts presented before you. IE has a very bad trackrecord when it comes to compatibility with standards, security and stability. This is the very reason why browsers like firefox have now started to make ground.
So, if an exploit is pointed to and it's several months old (like the one I gave in a previous post), it doesn't mean that there are no new exploits today. If it's IE, you can pretty much rely on the fact that there are "new" dangerous exploits reported in Microsoft's own website every so often. This is almost as certain as the sun rises every morning. Moreover, you will no doubt read something to the extent of that exploit having been around for months before it's fixed.
The boogie-man. 😉
