Linked by Amjith Ramanujam on Fri 8th Aug 2008 13:14 UTC
Thread beginning with comment 326237
RE[2]: this news is pure .FUD..
by casuto on Sat 9th Aug 2008 08:28
in reply to "RE: this news is pure .FUD.."
Explain to us how it's completely normal for a browser to be able to bypass all the security of an OS.
1. You need to find an unpatched flaw in your browser.
2. You need to use a 3rd-party plug-in such as Flash and Java, which are not compiled with ASLR memory protections.
But the OS security is not compromised, because you have UAC enabled by default and so the malicious code will run with fewer privileges; it can't damage the OS (as opposed to XP, where the malicious code will run with administrator privileges by default).
Edited 2008-08-09 08:47 UTC

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."
Explain to us how it's completely normal for a browser to be able to bypass all the security of an OS.
Edited 2008-08-08 16:41 UTC