Linked by Thom Holwerda on Thu 25th Mar 2010 22:20 UTC
Privacy, Security, Encryption
It's that time of the year again; that time of the year where news outlets get to indulge in sensationalist headlines about how Mac OS X got hacked in twenty seconds. Yes, CanSecWest just held its Pwn2Own contest again, and they fell like drunk 16-year-olds this time (don't read too much into that one, please).
RE[2]: Windows 7 secure? Ha!
by Mike Pavone on Fri 26th Mar 2010 22:38 UTC in reply to "RE: Windows 7 secure? Ha!"

DEP is 100% unbreakable if permissions are set correctly.


No it's not. DEP prevents you from running code out of the stack or a data buffer, but you can still overwrite the return address on the stack to jump to an arbitrary point inside the code of the app itself or a library it uses. By carefully piecing together these fragments of code you can effectively do just about anything.

Now ASLR makes these kinds of attacks much more difficult (particularly on 64-bit systems) if implemented properly.

Score: 1
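Whether DEP and ASLR are "set correctly" can be checked per module, because on Windows each executable image opts in through bits in its PE headers. The following is an added example, not part of the comment or the original page: it reads those bits and lists modules that skip DEP or cannot be randomized. The module names and header-only sample images are constructed for the demo, and the check goes beyond the comment by also treating stripped relocations as "no ASLR", since such an image cannot be rebased.

```python
import struct

# Bit values from the PE/COFF specification.
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no relocation data, image cannot be rebased
HIGH_ENTROPY_VA = 0x0020   # DllCharacteristics: 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # DllCharacteristics: ASLR opt-in
NX_COMPAT = 0x0100         # DllCharacteristics: DEP opt-in

def mitigation_flags(image: bytes) -> dict:
    """Read the DEP/ASLR opt-in bits from a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0" or len(image) < pe + 24 + 72:
        raise ValueError("missing or truncated PE headers")
    (coff_chars,) = struct.unpack_from("<H", image, pe + 22)  # COFF Characteristics
    (magic,) = struct.unpack_from("<H", image, pe + 24)       # optional header magic
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", image, pe + 24 + 70)
    return {
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE) and not coff_chars & RELOCS_STRIPPED,
        "high_entropy": magic == 0x20B and bool(dll_chars & HIGH_ENTROPY_VA),
    }

def weak_modules(modules: dict) -> list:
    """Names of modules that skip DEP or load at a predictable address."""
    flags = {name: mitigation_flags(img) for name, img in modules.items()}
    return sorted(n for n, f in flags.items() if not (f["dep"] and f["aslr"]))

def sample_image(magic: int, dll_chars: int, coff_chars: int = 0x0002) -> bytes:
    """Constructed header-only PE image for the demo (not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if magic == 0x20B else 0x14C, 0, 0, 0, 0, 72, coff_chars)
    opt = struct.pack("<H68xH", magic, dll_chars)            # 72 bytes, flags at offset 70
    return dos + b"PE\0\0" + coff + opt

# Constructed module set; the file names are hypothetical.
SAMPLE = {
    "app.exe": sample_image(0x20B, NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA),
    "legacy_plugin.dll": sample_image(0x10B, NX_COMPAT),
    "stripped.exe": sample_image(0x10B, NX_COMPAT | DYNAMIC_BASE, coff_chars=0x0003),
}

if __name__ == "__main__":
    print(weak_modules(SAMPLE))
```

To audit real files, pass `open(path, "rb").read()` for each module a process loads instead of the constructed images.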