Windows SP2 security compromised

November 30, 2004


PC World | Windows SP2 security compromised: "The October exploit required a user to drag an image from one part of a Web page to another, and then to click a button. At the time, Microsoft said the bug required too much user interaction to be considered serious. The new version, discovered by the Greyhats Security Group, eliminates the step of clicking a button, the group said. Like the earlier exploit, the new attack could lead to the execution of HTML and script code in the context of a trusted site, Greyhats said."

Normally I would respond to a release like this as "too much interaction on the part of the user; show me a remote exploit blaster-style and I'll be worried". But then I started thinking about it. People really ARE that stupid and will do pretty much anything that some website or email will tell them. Tip: Do not underestimate the stupidity of your users. If you give them too much credit, it will come back to bite you in the ass.