PoC Shock

We have already written about the extremely problematic security flaw in Windows 8.1, which allows a hacker to gain administrative privileges in an almost undetectable way. To make things even worse for Microsoft, the busy little bee who discovered this trouble published the PoC as well.

The PoC is actually the Proof of Concept, which gives you a step-by-step guide on how to do it yourself. In the meantime, Microsoft has come up with a patch to fix this annoying problem. However, this meantime actually took three months. Why? Is it a really complicated problem? What could it be?

For what it is worth, Microsoft has to offer a solution for more than one platform. That is why you cannot build Rome in a day. On the other hand, some comments have pointed out that it was not advisable to publish this vulnerability with the PoC. Microsoft would have reacted either way. Right?

This one goes without saying, that is for sure. We should also be aware of what is happening in our brave new IT world. It seems that we are not as safe as we thought we were. We should not discourage future cyber whistleblowers under any circumstances. Otherwise, we will end up living in the dark of harmful cyber ignorance.

Pwn2Own IE11

There are no true winners in hacker contests or bug bounty reward programs. Someone will take the sweet prize, while we will end up in tears. Why? Because we will become more aware of the fragile and insecure character of our system. Yet we cannot allow ourselves the luxury of neglecting them.

Some of them actually work. This is how successful prevention is achieved. Can this be a comfort for Microsoft? Two HP security experts were able to find a weakness in Internet Explorer 11. As a result, we have complete malicious control over a computer running Windows 8.1.

As expected, Microsoft will clean up this situation with the next security patch. However, we still have this bitter taste in our mouth. Why? Well, it is actually quite simple, and that is why it is so painful. Who knows how many bugs are out there flying and crawling all over our cyberspace? Do not bother to ask.

Unfortunately, we do not have enough hacker competitions or bug bounty programs to find and eliminate them all. If you want to say keep on trying, then you are moving in the wrong direction. Maybe we are truly blessed with our cyber ignorance. There is a difference, though. What we do not know can hurt us badly in this case.