Understanding the Windows Credential Leak Flaw and How to Prevent It

JMH

This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor's Windows login name and password. When I tested this flaw it was downright scary. Using a test site for this flaw, the site was able to get my test Microsoft Account login name and the hash of its password in a few seconds. Then it took the site less than 30 seconds to crack the password! What is even scarier is that this flaw is not new and was discovered in March 1997!


[Image: windows-leak-example.jpg]

Caption: Test shows my account info and password. Yes. I changed the password already.


News about this flaw was recently reported again by VPN company Perfect Private and by ValdikSS, who is affiliated with the Russian VPN service ProtoVPN. They have both set up test sites that demonstrate this flaw so that visitors can determine if they are affected and should change their passwords. I have no idea what information they keep from these tests, so I would change your password if they are able to detect your info. Perfect Private has a test page here and ValdikSS has one here.
http://www.bleepingcomputer.com/new...s-credential-leak-flaw-and-how-to-prevent-it/
 
