We’ve all had our Windows OS crash at one time or another, and then the familiar message pops up asking if we want to send an error report back to Microsoft. Turns out, that’s the way lots of hackers have accidentally sent their malicious codes to Microsoft.
According to Microsoft senior security architect Rocky Heckman, when a “hacker’s system crashes in Windows, as with all typical Windows crashes, the user would be prompted to send the error details – including the malicious code – to Microsoft. The funny thing is that many say yes.”
At a Microsoft Tech.Ed 2010 conference session on hacking today, Heckman detailed to the delegates the top five hacking methods and the best methods for developers to avoid falling victim to them. Heckman explained how to create malicious code that could be used in cross-site scripting or SQL injection attacks and, although he said it “wasn’t anything you couldn’t pick up on the internet”, he suggested delegates use the code responsibly to aid in their protection efforts.
According to Heckman, based on the number of attacks on Microsoft’s website, the company was only too familiar with what types of attacks were most popular.
“The first thing [script kiddies] do is fire off all these attacks at Microsoft.com,” he said. “On average we get attacked between 7000 and 9000 times per second at Microsoft.com,” said the senior security architect.
“I think overall we’ve done pretty good, even when MafiaBoy took down half the internet, you know, Amazon and eBay and that, we didn’t go down, we were still up.”
Heckman said there were two reasons why the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.
“One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening,” he said.
Heckman said that developers should consider all data input by a user as harmful until proven otherwise.
Source: Gizmodo.
Related News:
Nvidia And Microsoft Churn Out Tegra 3 Test Machines For Windows 8 Devel ...
Microsoft, In Collaboration With Authorities, Takes Down Zeus Botnets
Microsoft Announces Prize For Winner Over 'Smoked By Windows Phone' Cont ...
Google Revamps Chrome OS - Looks More Like Windows Now
How Windows RT Tablets May Compete Against iPad For Business Environments?
Microsoft Blocks The Pirate Bay From Windows Live MessengerRecent Tech News
When Facebook acquired Instagram for a whopping billion dollars, many of us kept wondering that why on Earth would the social network pay such a hefty sum for a photo sharing service. However, when Facebook later stated its ambition to be successful across the mobile platform, it was understandable since Instagram has been a huge success on the mobile devices. A recent development suggests, Facebook might have started to utilize the Instagram know-how in their (Facebook’s) products already. You will know what I mean when you see the recently launched ‘Facebook Camera’ app.
While RIM may be deemed the company that launched the true smartphone revolution with its BlackBerry devices and coined the very concept, Apple will always be termed as the company which popularized the notion of smartphones. And its not surprising to note now that iOS and Android smartphones dominate the total shipments of the smartphones made during the last quarter of 2012.
Facebook has become increasingly important for the brands to stay relevant and important on the social media. Facebook pages are a central hub for most brands to connect with their millions of fans and the social network keeps adding newer features to make this more easy and convenient. Now, Facebook has added yet another feature to pages.
Smile is a great way to express pleasure or joy at something or someone. But more often than not, it has to be forced and is fake. While that may work for a lot of people perfectly well, things are about to change. A new technology from MIT can now detect if your smile is true or fake, thus busting you right on spot for pulling that false grin.
