element14 Community
Security and Identification
A hole in Windows 8 security...is it a big deal?
  • Author: DebuggerGuys
  • Date Created: 11 May 2012 9:27 PM
  • Last Updated: 8 Oct 2021 4:52 AM

A security researcher has found a potentially massive security hole in Windows 8 that would expose someone's contacts and other information from social networking services and email including Gmail, Facebook, Hotmail, LinkedIn, and Twitter, among others. It sounds serious, but there may be less to the security hole than meets the eye.

Woody Leonhard, an old friend of mine, first reported on the hole in InfoWorld. The hole comes about because Windows 8 can grab contact and other data from multiple external sites so that you can see them all in one place. That's one of the benefits of Windows 8 -- Metro is designed to be a central hub for information across the Internet, bringing that information to you rather than making you go out and seek it.

Leonhard notes, though, that in the current Consumer Preview of Windows 8, all that information is kept on a machine even after the PC is turned off, and that someone may be able to get access to all of it. He writes:

"Windows 8 doesn't build its Contacts list dynamically. Instead, it keeps a cache of contacts from all of those sources stored on the machine. The cache persists even when the user logs off or the machine is turned off. That means anyone who can sign on to your PC with an administrator account can see all of your contacts and all of their data -- names, email addresses, pictures, telephone numbers, addresses -- whatever you have on file or whatever's been sucked in from Hotmail, Gmail, Facebook, Twitter, and LinkedIn."

Leonhard found out about the hole from a white paper written by Amanda C.F. Thomson, a graduate student at George Washington University. (You can get the white paper and more information from her blog, PropellerHeadForensics.)

It's certainly frightening stuff. But keep in mind that for anyone to get access to that cache, they'll need to log in to the Windows 8 machine with administrator access. And in that case, they'll be able to get access to a lot of this information without having to dig into the cache -- Metro will be grabbing information from multiple services, and that information will be displayed in plain sight. However, it is true that the cache will make it easier for someone to grab all the contact information in one fell swoop, so it is an added security threat.

The real problem isn't so much Windows 8 as it is the overuse of an administrator account. People should use such an account only rarely, and not for normal operations of their PC, because of the access it gives to all parts of the operating system. And they should never share that account with others. Mark Baldwin, principal researcher and consultant at InfosecStuff, told Taylor Armerding of CSO that

"If an unauthorized person has admin rights on your machine, then you have more problems to worry about than your Facebook and email contact information."

I think it's likely that Microsoft will protect the cache in some way, so that even administrator accounts won't be able to directly view it. The cache is only there to improve performance, so that it doesn't have to be rebuilt every time someone logs on. So don't be surprised if it's eventually encrypted.

Woody is certainly right -- the cache is a potential security danger. But it's not as bad as it seems at first glance, and Microsoft may fix it before the operating system's final release.


via COMPUTER WORLD
