Linked by Amjith Ramanujam on Fri 8th Aug 2008 13:14 UTC
This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
Thread beginning with comment 326237
RE: this news is pure .FUD..
by snozzberry on Fri 8th Aug 2008 16:37 UTC in reply to "this news is pure .FUD.."

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."


Explain to us how it's completely normal for a browser to be able to bypass all the security of an OS.

Edited 2008-08-08 16:41 UTC

Score: 12

RE[2]: this news is pure .FUD..
by casuto on Sat 9th Aug 2008 08:28 in reply to "RE: this news is pure .FUD.."

Explain to us how it's completely normal for a browser to be able to bypass all the security of an OS.


1. You need to find an unpatched flaw in your browser.
2. You need to use a 3rd party plug-in such as Flash and Java which are not compiled with ASLR memory protections.
But the OS security is not compromised because you have the UAC enabled by default and so the malicious code will run with fewer privileges; it can't damage the OS (as opposed to XP, where the malicious code will run with administrator privileges by default).

Edited 2008-08-09 08:47 UTC

Score: 1