0

Vista security rendered 'uselsess'
By Dennis Fisher

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

9
Contributors
11
Replies
13
Views
10 Years
Discussion Span
Last Post by R0bb0b
0

Well that's what you get when you integrate a browser into the OS.

http://www.answers.com/topic/hoare-c-a-r
Perhaps it's time to consider making things much simpler, rather than bloating the crap out of everything in the guise of creating "value".

Or as Scotty in ST-III said "The more they over think the plumbing, the easier it is to stop up the drain."
Or in this case find, yet another hole which leaks :)

0

Time to put the death penalty on evil-minded hackers!

In my mind they are nothing but terrorists, out there to do the most damage they can.

0

It could be a hype as they say their findings which could completely bring Windows Vista to its knees. The researchers were able to load whatever content they wanted into any location they wished on a user.

0

Its best to surf WITH SCRIPTS DISABLED (@ least in the INTERNET zone (If not the MY COMPUTER zone also)) Then they have a hard time executing anything from thier end.......

0

No, you know what's going to happen, they are going to handle it just like they handle every other security issue. By turning it off. Then the rest of the development world will suffer.

0

Maybe you can re-enable it in your copy

lol... its just too much funnyy...
<snip fake signature>

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.