"Vista Users Just got a lot more Hackable"

mercurial

mercurial

MyBB Legend
Joined
Jun 12, 2007
Messages
40,900
Reaction score
2,693
Location
/\/¯¯¯¯¯\/\
LAS VEGAS -- Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.
Click to expand...

HouseHoldHacker.com
 
so is this an issue with the fundamental way the kernel is built? will be interesting to see whether MS believes the issue can be solved and if they can provide a slution that closes the hole.
 
Its amazing that u never read about these problems with MAC. Makes me a bit sad to b a Windows user. If only macs werent so damn expensive !!
 
This will be used by adware, DDOS and virus writers. It ensures that they just need to get a small piece of code running on your machine to have complete control.
 
Last edited:
phiber said:
Its amazing that u never read about these problems with MAC. Makes me a bit sad to b a Windows user. If only macs werent so damn expensive !!
Click to expand...

If only more games were compatible with mac
 
phiber said:
Its amazing that u never read about these problems with MAC. Makes me a bit sad to b a Windows user. If only macs werent so damn expensive !!
Click to expand...

Mac OS will run on an Intel x86 desktop machine. The trouble is getting it (legitimately). Wouldnt that put a spanner in the works - if Apple were to release their operating system for use on normal desktop machines :p

Watch everyone revert back to XP. What is it that Vista does better than its predecessor?
 
I said it once and I'll say it again...

Vista is an overpriced PO Cr@p! I will never pay more than R900 for that OS and that's being generous!
 
phiber said:
Its amazing that u never read about these problems with MAC. Makes me a bit sad to b a Windows user. If only macs werent so damn expensive !!
Click to expand...
You do - just not with the same regularity.
 
I don't pay anything for my OS's. I get free [legal] use of corporate Vista Business, got XP MCE05 with my laptop (like they would give it to me without it...) and I use Linux. I pretty much only use Linux. No viruses, no hacker attacks (like a hacker would be stupid enough to try hack my Linux :D).

But we all know how vulnerable Vista is to these attacks. Funny thing is, M$ claimed that Vista was very secure...
 
Vista got PWNED

"While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"
Click to expand...
http://it.slashdot.org/article.pl?sid=08/08/08/1155208

I find a new reason not to install Vista every day.

Vista.. MS`s worst OS. ever.
 
Well it just goes to show, that no matter how secure something is. There always is a hole
 
Strangely not a word from the local M$ fanbois on this so far..
 
hyperian said:
Watch everyone revert back to XP. What is it that Vista does better than its predecessor?
Click to expand...


Everyone (8/10) people are reverting. Its only really die hard gamers with nice spec machines and sales people with more talk than brains who use Vista. Most business`s downgrade their machines to XP.
 
w1z4rd said:
Its only really die hard gamers with nice spec machines who use Vista. Most business`s downgrade their machines to XP.
Click to expand...

Yep, I'm currently moving to Vista now(moving USER folder to a different drive ATM) and will be ditching my XP partition, not because I like Vista but it does everything XP does for me and DX10 games look really good, Vista MCE is another reason.
 
Last edited:
You won't be OK, but you will be better off than the poor user that uses both Vista and IE.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X