Windows Vista security 'rendered useless' by researchers
Chris Allen
quote:
LAS VEGAS -- Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.

"What this means is that almost any vulnerability in the browser is trivially exploitable," Dai Zovi added. "A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks."

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd's and Sotirov's methods, it would be of no use.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

Microsoft officials have not responded to Dowd's and Sotirov's findings, but Mike Reavey, group manager of the Microsoft Security Response Center, said Wednesday that the company is aware of the research and is interested to see it once it becomes public.

Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

"This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon, sort of like heap spraying was."


Source: SearchSecurity

These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"

How about that Mr. Tang?
DigiNut
I'm no Vista fan, but it sounds to me like these "attacks" depend on the ability to run arbitrary code, which pretty much defeats the purpose. A lot of what these so-called security researchers "discover" runs along those lines.

As Raymond Chen so eloquently stole from Douglas Adams, "it rather involved being on the other side of this airtight hatchway." If your exploit requires the ability to run arbitrary code then it isn't much of an exploit.

Unless it involves privilege escalation, but that's not at all clear here.
E2EK1EL
Chris you're funny, who cares about Microsoft ... Vista was doomed from the day it came out. Only morons will use Vista at this time period.

Wait until your beloved MAC OS goes mainstream, you'll have this problem too.


The diff between Windows and OSX, only Apple would be so over confident and lie about having no viruses and "can't be hacked" marketing (to the morons that follow them).


Nice comeback btw ... any mainstream OS will be hacked and cracked. Keep on googling more info for your pointless comebacks, which everyone knows about.

Have a nice day.
VERTiG0
apple fanboy spotted


who doesn't use linux anyway lets get real


FYI I use Vista daily on every machine I have and I ing love it, I LOVE IT

It's so goddamn fast and responsive and not annoying.

I'm dead serious.

Vista is amazing.
E2EK1EL
quote:
Originally posted by VERTiG0
apple fanboy spotted


who doesn't use linux anyway lets get real


FYI I use Vista daily on every machine I have and I ing love it, I LOVE IT

It's so goddamn fast and responsive and not annoying.

I'm dead serious.

Vista is amazing.


i don't know dude ... very iffy on Vista. I'm happy to see you're still using Vista. You're a diff case though, you know your hardware and software inside out ... no matter what, you'll make Vista work PROPER! You have the ability to hack it, mod it and re-encode.
Jer
quote:
Originally posted by VERTiG0
apple fanboy spotted


who doesn't use linux anyway lets get real


FYI I use Vista daily on every machine I have and I ing love it, I LOVE IT

It's so goddamn fast and responsive and not annoying.

I'm dead serious.

Vista is amazing.


I've been using Vista since the closed alpha stages in a host of different environments and can safely say that for usability, response and accessibility, it's absolutely brilliant. All this bollocks about malicious code, vulnerabilities etc. makes me laugh seeing how:

a) I don't run an Anti-virus package. Never have, likely never will.
b) I do a lot of web surfing. A LOT.
c) I have never (to my knowledge) ever been faced with virus or malware issues.

It all comes down to being smart about where you click. Don't click random links, be aware of phishing, be more selective on the porn that you download and don't open email attachments unless you know what the f*ck you're doing. It reminds me of the time I was working in Great West Life's IT department and someone beside me opened up a .scr file in her email and compromised the entire network.

Don't be a dumbass with surfing. Plain and simple.

PS, I use Internet Explorer 8. Firefox.
That's right, I said it.
VERTiG0
quote:
Originally posted by Jer
PS, I use Internet Explorer 8. Firefox.
That's right, I said it.


GET THE OUTTA DODGE
E2EK1EL
quote:
Originally posted by Jer
It all comes down to being smart about where you click. Don't click random links, be aware of phishing, be more selective on the porn that you download and don't open email attachments unless you know what the f*ck you're doing. It reminds me of the time I was working in Great West Life's IT department and someone beside me opened up a .scr file in her email and compromised the entire network.

Don't be a dumbass with surfing. Plain and simple.



BIG UP!!!!!
Jer
quote:
Originally posted by VERTiG0
GET THE OUTTA DODGE



Oh they got to you too?
El K Dee
3rd vista lover here...



i didnt want to even touch vista with all i heard and in dec 2007 i got it pre installed on the laptop i bought...was too lazy to format and install xp as planned and after i noticed all the extra things i could do and how it related to certain hardware, i was hooked....the only problems ive faced since being on vista are hardware issues..ie. the fan right now on my cpu died...

and why the would u use IE anyways...looking at it, it feels like a huge weight on ur shoulders

E2EK1EL
quote:
Originally posted by Chris Allen
Source: SearchSecurity

These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"

How about that Mr. Tang?







************************************************

I don't know, but my Treo never got hacked before.

************************************************

iPhone Hacked, Compromising All Your Personal Data


Bleeding-edge early-adopters take note: The iPhone may be a sexy little device, but security experts have found a way to hack it and take complete control of the device. Complete and utter vulnerability. Hackers find their way into the phone via the iPhone's version of the Safari web browser.

The researchers, working for Independent Security Evaluators, a company that tests its clients' computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.
Although Apple built considerable security measures into its device, said Charles A. Miller, the principal security analyst for the firm, "Once you did manage to find a hole, you were in complete control." The firm, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.
[...]
Details on the vulnerability, but not a step-by-step guide to hacking the phone, can be found at www.exploitingiphone.com, which the researchers said would be unveiled today.

So far, there are no reports that anyone's iPhone has actually been compromised this way. Yet. Be careful what you store on there until a patch is available. Heck, be careful what you store on there, period.


http://consumerist.com/consumer/iph...data-281356.php
DaRoZa
no problems whatsoever with vista here either.. been using it for about a year.

i think the most useful feature by far is the indexed searching, it just takes two seconds to find any file (or text *within* a document) i'm looking for by typing in the start menu or in the corner of any explorer window. i use it a lot for music too, as id3 tags are included in the search, i haven't had the need to use winamp/itunes library since i got this pc