Go homepage(回首页) Upload pictures (上传图片) Write articles (发文字帖)
The author:(作者)delvpublished in(发表于) 2014/1/10 8:16:47 Don’t send Windows system crash error report
Do not send a Windows system crash error report-system crash, error report, hackers-IT information Do not send a Windows system crash error report
Recently Websense Security Research Group, a new study shows that consumer uses Windows system error report, to submit an error report to Microsoft, then this is likely to be a hacker to intercept, and on the basis of the information to help hackers to develop policy.
When the system crashed, the corresponding dialog box will pop up, which contains in detail the operation of the device state information, Windows version information, application information, and this information may be a hacker intercepting.
When the system crashes or application will pop up error reporting, typically require the user to confirm whether the error information to Microsoft, transmit some information but tend not to interact with the user. New USB drive connected successfully, information about the host and are using the Windows version number, installed service packs, BIOS information, and so on.
Although these data leaks have no big deal, but for a hacker who aim at a company, this information is very valuable, this can help hackers targeted tests on the network currently known systems vulnerabilities and weak points. Websense group pointed out saying: "as a result of a system crash information is still very useful for hackers and hacker takes this may develop a new 0 vulnerabilities. ”
千万别发送Windows系统崩溃错误报告 - 系统崩溃,错误报告,黑客 - IT资讯千万别发送Windows系统崩溃错误报告
最近一个名为Websense的安全研究小组的最新研究成果表明,消费者所使用的Windows系统在出现错误报告时,如果将错误报告提交给微软公司,那么这将很有可能被黑客截取,并依据这些信息帮助黑客制定相关攻击策略。
当系统出现崩溃的时候会弹出相应的对话框,这些信息中详细包含了设备的运行状态,Windows的版本信息、应用信息等,而这些信息都有可能被黑客监听到。
虽然当系统或者应用程序崩溃的时候会弹出错误报告,通常需要用户的确认才是否将这些错误信息传递给微软,不过在传输的时候有些信息往往不会跟用户进行交互。比如新U盘成功连接、关于主机的信息和正在使用的Windows版本号、安装的服务包、BIOS信息等等。
尽管这些数据看上去泄漏也无什么大碍,但是对于瞄准一家公司的黑客来说,这些信息是非常宝贵的,这能够帮助黑客在网络中有针对性的测试目前已知的系统漏洞和脆弱点。Websense小组指出:“由于系统崩溃而产生的信息对于黑客来说依然非常有用,并以黑客借此可能会研发新的零日漏洞。”
赞