A few weeks ago, I blogged about Aliso Viejo’s eEye Digital, which began offering a light version of its Blink security software FREE for a year to consumers.

Marc Maiffret, eEye’s young co founder, used to be on the other side of the protection business. Today, he and his team search for software flaws and then work with companies like Microsoft to fix the holes. It was only a matter of time before eEye discovered some holes in the new Windows Vista operating system.

Marc and Derek Soeder, a senior software engineer at eEye, stopped by my office to show me how easy it is to hack into a Vista computer. Watch the VIDEO, also linked above.

Derek found the Vista flaw. With that knowledge, he was able to exploit it and send a spoofed e-mail to the victim. Once the victim opens the fake Office document, it opened the back door that Derek needed to get into the victim’s computer, including dismantling its Windows firewall.

From there, Derek logged into the victim’s computer, gave himself administrator access and installed key-logging software to track user names and passwords. Scary!

The lesson of course is always patch your Windows software, even if it’s the latest and greatest Windows Vista. While you’re at it, make sure you keep all the software on your computer up to date — this includes Adobe Acrobat, Firefox, iTunes, etc. And if you open an e-mail file that doesn’t do a thing, watch out!

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.