On The Insider: Criminal Past of Woods Mistress Revealed
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 23 of 193:
Next »
« Previous
Windows not broken
The paper discusses a number of techniques to circumvent some of the extra protections put in place by Vista, XP and browsers (IE, Firefox). Specifically they address the features which aim to mitigate the consequences of buffer overflows and memory corruption bugs. As the paper states the features *does* still raise the bar for would-be attackers.

While Vista has certainly been leading in implementing such features it is important to understand that these circumvention techniques are not exclusive to Windows. They will work on any OS with a linear process memory layout.

The paper does *not* discuss how to circumvent UAC and IE protected mode; merely memory corruption protections.

Internet Explorer 32bit on Vista does not enable DEP by default. Neither does FF2. Firefox 3 and IE8 will have the DEP in place by default.

Java has a nasty habit of spraying around "executable" blocks in memory. Sun needs to address that. On all OSes.
Posted by: honeymonster   Posted on: 08/09/08 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Adrian, you've caught ZeroDay Fever  betelgeuse68 | 08/09/08
Shoddy software on Windows demands admin access  terry flores | 08/09/08
Then stop using shoddy software?  threedaysdwn | 08/09/08
Unfortunately  Ben_rockwood | 08/09/08
MS Office does NOT require admin access  betelgeuse68 | 08/09/08
Privilege escalation  voska1 | 08/11/08
FALSE  qmlscycrajg | 08/11/08
Prove Your Assertion, qmlscycrajg!  Cardhu | 08/31/08
Just an observation...  zkiwi | 08/11/08
FALSE  qmlscycrajg | 08/10/08
Prove It!  Cardhu | 08/31/08
What is the basis for your "statistic?"  Cardhu | 08/31/08
I disagree  betelgeuse68 | 08/09/08
Here's what I've seen  voska1 | 08/11/08
TOP .01%  mswift@... | 08/11/08
Yup...  Sleeper Service | 08/09/08
But that's how blogs like this one work...  cgdams | 08/10/08
Digg style FUD  ericesque | 08/10/08
It's ridiculous to expect...  Henrik Moller | 08/11/08
Then it's a good thing MS already addressed it over 18 months ago.  ye | 08/11/08
I thougt the same thing  Crestview | 08/11/08
UAC Necessary & not Annoying!!!  POPPA G | 08/11/08
Windows not broken  honeymonster | 08/09/08
Best security is to take computers off the Net  terry flores | 08/09/08
Browser in virtual VMware session ...  MisterMiester | 08/09/08
Agree 100%  thx-1138_@... | 08/11/08
I agree, and furthermore...  w_c_mead | 08/11/08
Amen!  Timpraetor | 08/12/08
er.. so let me understand  ZDNET_guest666 | 08/12/08
Create a .NET DLL ... what a huge bar  wackoae | 08/10/08
Adrian, Once Again You Hit The Nail On the Head!  chessmen | 08/09/08
"scripting languages"  LBiege | 08/09/08
But he doesn't...  Sleeper Service | 08/09/08
ok so let's be clear here.  bmerc | 08/11/08
Thank you for your input.  Sleeper Service | 08/12/08
I Agree With Chessman's Point  Cardhu | 08/31/08
Before Vista RTM, I made a suggestion.  TripleII | 08/09/08
*nix and AppArmor in a nutshell...  MisterMiester | 08/09/08
Yes, UAC is similar to AppArmor.  TripleII | 08/09/08
You seem to misunderstand how Windows works  threedaysdwn | 08/09/08
Cross FS is a standardless operation  mitzampt@... | 08/10/08
NTFS already has such a system  CobraA1 | 08/09/08
I always have to clarify.  TripleII | 08/10/08
Look at the details more  SMFX | 08/11/08
if you have a flaw in linux kernel you run exploit with root privileges  qmlscycrajg | 08/11/08
Do you ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
Holy moving targets batwoman!  TripleII | 08/11/08
UAC is based on NTFS permissions  qmlscycrajg | 08/10/08
Shhhhh... please...  mitzampt@... | 08/10/08
Use some of that grey matter.  TripleII | 08/10/08
Another thing different ...  MisterMiester | 08/11/08
Not so:  ye | 08/11/08
Not really ...  MisterMiester | 08/11/08
Not really what? What are you trying to say?  ye | 08/11/08
@ye - Did a correction ...  MisterMiester | 08/11/08
Not entirely accurate  SMFX | 08/11/08
@SMFX: How did what you say differ from what I said?  ye | 08/11/08
@ye - it was a response to MM  SMFX | 08/11/08
Funny thing  voska1 | 08/11/08
Same for Windows too:  ye | 08/11/08
I'll go even one step further.  TripleII | 08/11/08
This capability has existed since Windows NT 3.1  ye | 08/11/08
3. No. He/she is not...!  Gruffydd | 08/11/08
I disagree. His knowledge of Windows appears to be...  ye | 08/11/08
And once again Ye makes a sweeping generalization  bmerc | 08/11/08
Sweeping? Hardly. It was targetted towards one...  ye | 08/11/08
Let me 'splain it to you...  bmerc | 08/11/08
Then I'll ask you.  TripleII | 08/11/08
This is the first I've heard of it.  ye | 08/11/08
You have heard of it, being obtuse.  TripleII | 08/11/08
@TripleII: So you dream something up and expect...  ye | 08/11/08
a =b, b=c, therefore a=c. If you can't see that...  TripleII | 08/11/08
@TripleII: As I said:  ye | 08/11/08
This is memory based exploits  SMFX | 08/11/08
Yes, I got it.  TripleII | 08/11/08
Closer, but not quite  SMFX | 08/11/08
Their quote, not mine.  TripleII | 08/11/08
Andrian please change your link ...  MisterMiester | 08/09/08
Andrian? Hybrid Borg/Blogger?  Don Collins | 08/11/08
RE: Windows broken ... I'm surprised it took this long  zato_3@... | 08/09/08
Perhaps You Need A Technical Link To Windows New Found Security Weakness  chessmen | 08/09/08
One wonders...  Sleeper Service | 08/10/08
I wonder if they found the problem on  Pliny the Elder | 08/09/08
This is nothing new.  CobraA1 | 08/09/08
Actually it's more than that ...  MisterMiester | 08/10/08
Hmmmm...  Goudy | 08/11/08
This was found in 2005 . . .  CobraA1 | 08/09/08
And in the last three years  Hemlock Stones | 08/11/08
Vista Will be Great  Utah Stan | 08/10/08
Sounds not too far off...  Sleeper Service | 08/10/08
but ...  Eduardo_z | 08/11/08
this news is pure FUD !  qmlscycrajg | 08/10/08
Still using that grey matter I see.  TripleII | 08/10/08
Lack of posts prove otherwise ...  MisterMiester | 08/10/08
Or  rtk | 08/10/08
So do "Windows Defenders" only surf during office hours? (NT)  Zogg | 08/10/08
I've noticed that seems to be the case.  Bill4 | 08/10/08
weekend activity  rtk | 08/11/08
rtk does...  hasta la Vista, bah-bie | 08/11/08
This Article Is Not Fear, Uncertainty, And Doubt  Cardhu | 08/31/08
Linux's ASLR protection bypassed!  qmlscycrajg | 08/10/08
Of course, that article is six years old...  bmerc | 08/11/08
but it's still valid!  qmlscycrajg | 08/11/08
Vendors have not done a thing to move to dot net  progon | 08/10/08
Say what?  Stuka | 08/11/08
Just what we DON'T NEED  cornpie | 08/11/08
Like everyone of these kind of stories I say  James Quinn | 08/11/08
And, isn't it amazing...  cornpie | 08/11/08
Usually are...:P  James Quinn | 08/11/08
Perhaps this is just a non-issue  Gruffydd | 08/11/08
I myself hold this to be true....  James Quinn | 08/11/08
RE: Windows broken ... I'm surprised it took this long  jscott418 | 08/11/08
RE: Windows broken ... I'm surprised it took this long  billbo72 | 08/11/08
Too early. Blog seems overstated.  DevGuy_z | 08/11/08
Read the paper ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
That's the problem. Everyone's too lazy to read...  bmerc | 08/11/08
We did.  Sleeper Service | 08/11/08
Windows security..  green alien | 08/11/08
Baa... baa....  Sleeper Service | 08/11/08
We can't stop the end-user  theastronomer | 08/11/08
I think your colleague ripped Adrian a new one  cnfrisch | 08/11/08
Odd how he chose to rip me ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
I noticed that as well (nt)  Stuka | 08/11/08
I think it's because...  Sleeper Service | 08/11/08
If I'm being sensationalist ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
Oh come on...  Sleeper Service | 08/11/08
...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
...five locks protecting your home...  PollyProteus | 08/11/08
@PollyProteus ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/11/08
But they've showed...  Sleeper Service | 08/11/08
But the paper shows how to break both DEP AND ASLR together!  Zogg | 08/11/08
Aside from...  Sleeper Service | 08/11/08
I mean "Anything that XP didn't have".  Zogg | 08/11/08
So we're going to...  Sleeper Service | 08/11/08
Funny you should say that...  Zogg | 08/11/08
Sensationalism or layman's terms...  storm14k | 08/11/08
No, actually, it's not odd at all.  bmerc | 08/11/08
Hardly.  TripleII | 08/11/08
HW Firewall For Dialup Users? And Which 3rd-Party Solutions?  dumptux | 08/11/08
Try Agnitum Security Suite Pro  kimo99@... | 08/11/08
Why dial-up?  Merlin the Wiz | 08/11/08
"ported the security features from Vista into 7" ??  PB_z | 08/11/08
RE: Windows broken ... I'm surprised it took this long  dave01010101 | 08/11/08
Don't bother with Ed Bott  dfolk2 | 08/11/08
A big nail in Vista!!!!  chaz15 | 08/11/08
Byzantine (read House of cards) security  tracy anne | 08/11/08
It's all a game  Crestview | 08/11/08
Yup...  Sleeper Service | 08/11/08
Oh wait.  tracy anne | 08/11/08
Disagree.  Sleeper Service | 08/11/08
The difference is  tracy anne | 08/11/08
Well, yes...  Sleeper Service | 08/12/08
.....  Linux User 147560 | 08/11/08
*Yawn*  Sleeper Service | 08/12/08
For all the hollering and whining  Crestview | 08/11/08
What heck happened, Adrian????  Kromaethius | 08/11/08
RE: Windows broken ... I'm surprised it took this long  POPPA G | 08/11/08
Ask the author of the Black Hat paper  Ed Bott ZDNet Moderator | 08/11/08
Wow! Breaking News!  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
Adrian  nmcfeters | 08/12/08
True  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
Adrian broken. I'm surprised it took this long...  Helio99000 | 08/11/08
Not the only comment of interest ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
I Agree  Cardhu | 08/31/08
Talk about FUD... even the Black Hat authors were surprised  transposeIT | 08/11/08
It's not about ideology ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
MS Trolls with their heads in the sand???  i8thecat | 08/12/08
"Ankle Deep In The Sand"  Cardhu | 08/31/08
RE: Windows broken ... I'm surprised it took this long  Multivac | 08/11/08
Not that high a standard ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
If you think their standard are low...why pay attention to them at all?  Helio99000 | 08/12/08
The fact that your ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
It is a badge of honor, Adrian  Ole Man | 08/14/08
Great research  nmcfeters | 08/12/08
News Flash! Windows Isn't Perfect  SteveMak | 08/12/08
Too Many Secrets  justanotheradmin | 08/12/08
RE: Download link in editorial is it safe?  The Management consultant | 08/12/08
RE: Download link in editorial is it safe?  The Management consultant | 08/12/08
So Now they will make Windows 7 unusable with UAC  Randalllind | 08/12/08
Get a Mac or switch to Linux, I did...  mikifinaz1@... | 08/12/08
Haha, yeah right  nmcfeters | 08/12/08
And yet ...  Adrian Kingsley-Hughes ZDNet Moderator | 08/12/08
RE: Windows broken ... I'm surprised it took this long  alaniane@... | 08/12/08
RE: Windows broken ... I'm surprised it took this long  BigDoggyDog | 08/12/08
Loss Of Confidence In Microsoft  Cardhu | 08/31/08
Thanks Adrian for Caution Awareness & The PLAIN FACTS!  whitesfyre | 08/13/08
Will you retract your statements and apologize to Ed?  Speednet | 08/13/08
You Also Miss The Point  Cardhu | 09/01/08
Adrian Kingsley-Hughes, you've damanged your credibility with this article.  Solid Jedi Knight | 08/26/08
You Miss The Point  Cardhu | 08/31/08
Hear! Hear!  Ole Man | 08/31/08
Vista, the bloody, bloated blimp of Broadway & Ballmer  Ole Man | 08/29/08
Its called layered security folks!  beldar33@... | 08/20/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

SmartPlanet

Click Here