FYI
2008-12-06, 07:29 PM
...藉影片散佈在網路上各大論壇,供人下載時趁機植入他人電腦...
購買筆電通常都會包含合法Windows, 所以理論上已知的漏洞應該都會補上, 那麼就不像是利用Windows Media Player 的漏洞加以攻擊, 新聞內容對於攻擊手法敘述過於籠統, 無助於防範之道, 然而 "影片" 如果指的是 "Flash", 那就不令人意外了, Flash 的危險性早已不是新聞, 更不亞於ActiveX, Windows 漏洞還有多少? Flash 漏洞也絕對少不了, 雖然你可以不用IE, 然而你卻很難拒絕Flash, 所以, 請勿觀看來路不明的Flash 影片或小遊戲...
建議:
立即移除舊版Adobe Flash Player 再更新至Flash 10 以上 (2008/10/07)
用紙杯或便利貼或酸痛膠布或口香糖把鏡頭遮住
離開浴室一定要穿衣服, 上床務必蓋被子, 才不會感冒
儘速接種免費流感疫苗
美眉請忽略 (a) & (b) & (c)
更新步驟:
務必關閉所有瀏覽器
開啟 "新增移除程式"
移除所有的 "Adobe Flash Player ActiveX" (for IE clone) 和 "Adobe Flash Player Plugin"
下載並執行Windows 版Flash 反安裝程式 (http://fpdownload.macromedia.com/get/flashplayer/current/uninstall_flash_player.exe), 徹底移除登錄機碼和Flash 系統程式檔案夾
最後請由每一種瀏覽器開啟 "Get Adobe Flash Player (http://www.adobe.com/go/EN_US-H-GET-FLASH)", 安裝最新版Flash Player
How to uninstall the Adobe Flash Player plug-in and ActiveX control (http://www.adobe.com/go/tn_14157)
【轉貼】Flash Player v10 中文最新版 (http://www.pczone.com.tw/thread/6/143929/) (含移除程式連結)
(轉貼)The Register:神秘Web攻擊綁架剪貼簿! (http://www.pczone.com.tw/thread/28/142944/)
Clickjacking Details (http://ha.ckers.org/blog/20081007/clickjacking-details/) (CGI source code included)
Clickjacking: Web pages can see and hear you (http://jeremiahgrossman.blogspot.com/2008/10/clickjacking-web-pages-can-see-and-hear.html)
Malicious camera spying using ClickJacking (http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/) (Demo included)
I used to know what you watched, on YouTube (http://jeremiahgrossman.blogspot.com/2008/09/i-used-to-know-what-you-watched-on.html)
Real Clickjacking? (http://www.planb-security.net/notclickjacking/iframetrick.html)
贊助商連結
購買筆電通常都會包含合法Windows, 所以理論上已知的漏洞應該都會補上, 那麼就不像是利用Windows Media Player 的漏洞加以攻擊, 新聞內容對於攻擊手法敘述過於籠統, 無助於防範之道, 然而 "影片" 如果指的是 "Flash", 那就不令人意外了, Flash 的危險性早已不是新聞, 更不亞於ActiveX, Windows 漏洞還有多少? Flash 漏洞也絕對少不了, 雖然你可以不用IE, 然而你卻很難拒絕Flash, 所以, 請勿觀看來路不明的Flash 影片或小遊戲...
建議:
立即移除舊版Adobe Flash Player 再更新至Flash 10 以上 (2008/10/07)
用紙杯或便利貼或酸痛膠布或口香糖把鏡頭遮住
離開浴室一定要穿衣服, 上床務必蓋被子, 才不會感冒
儘速接種免費流感疫苗
美眉請忽略 (a) & (b) & (c)
更新步驟:
務必關閉所有瀏覽器
開啟 "新增移除程式"
移除所有的 "Adobe Flash Player ActiveX" (for IE clone) 和 "Adobe Flash Player Plugin"
下載並執行Windows 版Flash 反安裝程式 (http://fpdownload.macromedia.com/get/flashplayer/current/uninstall_flash_player.exe), 徹底移除登錄機碼和Flash 系統程式檔案夾
最後請由每一種瀏覽器開啟 "Get Adobe Flash Player (http://www.adobe.com/go/EN_US-H-GET-FLASH)", 安裝最新版Flash Player
How to uninstall the Adobe Flash Player plug-in and ActiveX control (http://www.adobe.com/go/tn_14157)
【轉貼】Flash Player v10 中文最新版 (http://www.pczone.com.tw/thread/6/143929/) (含移除程式連結)
(轉貼)The Register:神秘Web攻擊綁架剪貼簿! (http://www.pczone.com.tw/thread/28/142944/)
Clickjacking Details (http://ha.ckers.org/blog/20081007/clickjacking-details/) (CGI source code included)
Clickjacking: Web pages can see and hear you (http://jeremiahgrossman.blogspot.com/2008/10/clickjacking-web-pages-can-see-and-hear.html)
Malicious camera spying using ClickJacking (http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/) (Demo included)
I used to know what you watched, on YouTube (http://jeremiahgrossman.blogspot.com/2008/09/i-used-to-know-what-you-watched-on.html)
Real Clickjacking? (http://www.planb-security.net/notclickjacking/iframetrick.html)
贊助商連結