Netflix Users In Danger of Unknowingly Picking Up Malware 153
An anonymous reader writes "Users of Silverlight, Microsoft's answer to Adobe Flash, are in danger of having malware installed on their computers and being none the wiser, as an exploit for a critical vulnerability (CVE-2013-0634) in the app framework has been added to the Angler exploit kit. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements."
You'd think something like Silverlight would automatically upgrade itself.
Unknowingly? (Score:5, Insightful)
Tell me, when is the last time you knowingly were infected with malware?
The best solution is to lock down Silverlight (Score:2, Insightful)
For plugins like silverlight that run code rather poorly sandboxed, you should lock them to a whitelist, so that only web sites you have preapproved can use them.
Additionally, you should only run them on an unpriviledged user. (Something many Windows users don't do with anything as a regular practice.)
These two measures won't eliminate your risk, but they will dramatically reduce it.
Netflix users? (Score:4, Insightful)
Hey come on, gotta hate on MS! (Score:5, Insightful)
I mean if some random shit "security blog" posts a trumped up story to try and get traffic, it is Slashdot's DUTY to repeat it here, with no checking or verification! After all, better everyone is scared of their own shadow than informed about security.
Seriously this is just pathetic. As I said: This is some random ass site that is trying to get people to come and read, and it worked. By making a scare story about how Netlfix users on Windows are vulnerable they managed to get some Linux fanboy to submit the story to Slashdot. The editors then did what they do, which is to say NOT EDIT and just posted it. Great success for shit site, they now got a bunch of undeserved traffic.
What is sadder is how uninformed this makes all involved look. the statement of "You'd think something like Silverlight would automatically upgrade itself." Yes, it DOES you fucking moron. One thing you have to give MS is that Windows update will patch all their stuff for you. Let it do its thing and you get security updates, as they are released. You don't need to pay attention or anything, it'll just happen. This includes things not installed by default like Silverlight, or older versions of the .NET runtimes.
This is just a massive pile of fail. It is not news, not even really old news. There was a bug, they patched it. This would be "how shit works", or at least how it should.
How does this stuff get the green light? (Score:5, Insightful)
1) This has nothing to do with Netflix. I am a Netflix user and I suspect that my Roku is not affected by the vulnerability in question.
2) Silverlight *does* get updated with automatic updates.
3) The vulnerability in question was fixed in March (MS13-022).
Re:The best solution is to lock down Silverlight (Score:4, Insightful)
How do you lock silverlight to a whitelist?