Steve Smith explains how to mitigate the risks of a 20-Year-Old bug never fixed by Microsoft.
Episode #6-47 released on August 8, 2016
We all use the Internet, especially those of you watching my show, and reading my show notes. Our computer credentials are definitely dangerous to have leaked. Since, you could get remotely hacked if anyone got a hold of the information from your computer. I mean, it should be impossible to get a hold of computer username, domain, and password, even if someone could get your IP address. And yes, if you have an IPv4 IP address, maybe some router prevents people from logging in, but if you have a computer with an IPv6 address, that is unique and will allow people to login into your computer without issue. Either way, accessing your computer remotely with an IP address isn't the issue here, it is the fact the credentials have to be obtained first. However, there is definitely an issue with Internet Explorer and Windows Edge and it is related to all this.
Did you know, Internet Explorer and Edge have an epic bug that actually allows for your Windows Credentials to be accessible over the Internet? Yes, that is right, your username, domain, and hash to your password is accessible to any web-site while you use Internet Explorer and Edge.
Did you know that unlike the hashing schemas I use for my own sites to protect your accounts, Microsoft Passwords that are hashed using their method can be broken fairly fast? Well, yes they can be.
Then shouldn't this be a top priority for Microsoft to get fixed? Well I'd love to think so, but the bug has been in existence since March 1997. Nearly two decades later this is still not fixed, and the issue can continue to plague users for a long time. Twenty years is long enough for a couple to have sex, give birth, have a kid learn everything he needs to learn, and fix the bug him or herself. I'd love to know why Microsoft hasn't hired this kid yet to fix the bug.
Now, everything is not lost, and I will be linking in my show notes and YouTube description a link to notes from Bleeping Computer with their article on how to fix this so you could continue to use Internet Explorer or Edge, but there are a few things you can do, or not use, to help with this issue.
First solution, and the only one anyone should be doing anyway, don't use Internet Explorer or Microsoft Edge. Use anything else, and I am not kidding. There are plenty of amazing browsers now, compared to 1997. You have Firefox, Chrome, Safari, Opera, etc. Use any of them, or any other browser based on them. Doing that alone will mitigate any dangers to your PC without changing a single setting which can be complicated.
Second solution, go to Bleeping Computer article, and follow their instructions to the letter. Then you can use Internet Explorer or Edge.
Third solution and this applies to anyone who doesn't want to reconfigure Windows, or change browser. Melt computer down, and hide in closet in fetal position. Unless Microsoft fixes the issue themselves, which after 20 years maybe they just think it is a feature, then doing nothing leaves you open to attacks if you are unwilling to change browser, or edit Windows settings. We can't help people unwilling to help themselves. Period.
Oh, and a bonus tip, remember to turn off remote desktop in your Windows computers to prevent unauthorized access to your computer, even with the correct username and password.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions