Linked by Amjith Ramanujam on Fri 8th Aug 2008 13:14 UTC
Windows This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
Permalink for comment 326237
To read all comments associated with this story, please click here.
RE: this news is pure .FUD..
by snozzberry on Fri 8th Aug 2008 16:37 UTC in reply to "this news is pure .FUD.."
snozzberry
Member since:
2005-11-14

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."


Explain to us how it's completely normal for a browser to be able to bypass all the security of an OS.

Edited 2008-08-08 16:41 UTC

Reply Parent Score: 12