Linked by Amjith Ramanujam on Fri 8th Aug 2008 13:14 UTC
This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
Thread beginning with comment 326330
RE[2]: Summary of "exploit"
by vaette on Sat 9th Aug 2008 21:19 UTC in reply to "RE: Summary of "exploit""
vaette (Member since: 2008-08-09)

It was linked above as http://taossa.com/archive/bh08sotirovdowd.pdf

At the time I could fetch it and read it, but now it seems inaccessible. In fact, it appeared inaccessible again when I wrote the post, so I might have missed some details typing out of memory. I think the summary should be a reasonably accurate reflection of the content however.

The whole thing is pretty interesting all told, as it sheds some light on the hurdles of adding extra security layers to such a sprawling application platform as a web browser. It doesn't really invalidate any of the techniques that Microsoft employs in Vista (ASLR seems rather damaged by it, but the NOP slide really needs the DEP circumvention to be practical, and ASLR after all prevents attempts to jump to pre-existing code), but it does illustrate what may be a wider problem for applications of this nature.

A bit unfortunate really that the article is so vague and sensationalistic, as it could have been an interesting topic of discussion but ended up a bit flamebaitish.

Reply Parent Score: 1

PlatformAgnostic (Member since: 2006-01-02)

Thanks for pointing out the link (I totally missed it when looking through the article).

It looks like the IE team needs to take a stand and make a 'secure mode' option which has Permanent DEP. Also the .NET header flags validation needs to be improved a bit.

Reply Parent Score: 2
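Both comments above turn on the fact that, in Vista, DEP and ASLR are opt-in per image: the loader reads two bits of the `DllCharacteristics` field in the PE optional header, `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` (0x0100) and `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (0x0040). The following is an added example, not code from the thread or from the paper it discusses: a small PE header checker a defender can run over a binary to see which mitigations it has asked for, plus a builder that constructs a minimal PE image so the checker can be exercised offline. The builder and its field values are constructed sample data, not a real executable.

```python
import struct

# Flag bits from the PE/COFF specification (DllCharacteristics field).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image is DEP-compatible: DEP opt-in
PE_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLLCHARACTERISTICS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


def build_minimal_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed sample: just enough of a PE image for the header check below.

    DOS stub -> 'PE\\0\\0' -> 20-byte COFF header -> optional header (zeroed except
    Magic and DllCharacteristics). No sections, so it is not loadable.
    """
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE signature
    machine = 0x8664 if pe32plus else 0x14C              # AMD64 or I386
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, DLLCHARACTERISTICS_OFFSET, dll_characteristics)
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt)


def pe_mitigation_flags(image: bytes) -> dict:
    """Return which loader-visible mitigations a PE image opts in to.

    Every offset is bounds-checked before use so a truncated or hostile file
    raises ValueError instead of an IndexError/struct.error.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 4 + 20 > len(image) or image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature missing or out of range")
    coff_off = e_lfanew + 4
    (opt_size,) = struct.unpack_from("<H", image, coff_off + 16)
    opt_off = coff_off + 20
    if opt_size < DLLCHARACTERISTICS_OFFSET + 2 or opt_off + opt_size > len(image):
        raise ValueError("optional header too short or truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dllchar,) = struct.unpack_from("<H", image, opt_off + DLLCHARACTERISTICS_OFFSET)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dll_characteristics": dllchar,
        "nx_compat": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dynamic_base": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def audit_file(path: str) -> dict:
    """Convenience wrapper: check a real file on disk (e.g. a plug-in DLL)."""
    with open(path, "rb") as fh:
        return pe_mitigation_flags(fh.read())


if __name__ == "__main__":
    hardened = build_minimal_pe(IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                                | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    legacy = build_minimal_pe(0, pe32plus=True)
    print("hardened:", pe_mitigation_flags(hardened))
    print("legacy:  ", pe_mitigation_flags(legacy))
```

Run `audit_file()` over the DLLs a browser loads and any image that reports `nx_compat: False` or `dynamic_base: False` is one the Vista loader will not protect with that mitigation unless a process-wide policy (such as the permanent DEP mode PlatformAgnostic suggests) overrides the per-image opt-in.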