Vista security rendered 'useless'
By Dennis Fisher

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

All 11 Replies

Well that's what you get when you integrate a browser into the OS.

http://www.answers.com/topic/hoare-c-a-r
Perhaps it's time to consider making things much simpler, rather than bloating the crap out of everything in the guise of creating "value".

Or as Scotty in ST-III said "The more they over think the plumbing, the easier it is to stop up the drain."
Or in this case, find yet another hole which leaks :)

Yes.. great one!! I too have the same thinking..

Time to put the death penalty on evil-minded hackers!

In my mind they are nothing but terrorists, out there to do the most damage they can.

I hope you are kidding

It could be hype, as they say their findings could completely bring Windows Vista to its knees. The researchers were able to load whatever content they wanted into any location they wished on a user.

It's best to surf WITH SCRIPTS DISABLED (@ least in the INTERNET zone (if not the MY COMPUTER zone also)). Then they have a hard time executing anything from their end.......

No, you know what's going to happen, they are going to handle it just like they handle every other security issue. By turning it off. Then the rest of the development world will suffer.

Maybe you can re-enable it in your copy :)

Maybe you can re-enable it in your copy

lol... it's just too much funny...
<snip fake signature>