Report: Microsoft’s Windows Vista ‘security’ rendered completely useless by new ‘unfixable’ exploit

“This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees,” Jason Kelley reports for Newwin.net.

“Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System,” Kelley reports.
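The report describes a bypass that works by loading content the browser already trusts rather than by exploiting a new bug. On Vista, ASLR and DEP are opt-in per image: a module declares its compatibility through the DYNAMIC_BASE and NX_COMPAT bits of the DllCharacteristics field in its PE optional header, so any module loaded without them gives a fixed address and executable data. The following added example (not code from the article or the researchers) audits PE headers for those two bits; the stub-PE builder and the sample module names are constructed here for offline testing.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image opts in to DEP


def pe_mitigations(data: bytes) -> dict:
    """Return which opt-in mitigations a PE image declares in its optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    return {"aslr": bool(dllchar & DYNAMIC_BASE), "dep": bool(dllchar & NX_COMPAT)}


def build_stub_pe(dllchar: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not a loadable binary) for testing the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)


def audit(modules: dict) -> list:
    """Names of modules that lack ASLR or DEP opt-in and so weaken the process they load into."""
    return [name for name, blob in modules.items()
            if not all(pe_mitigations(blob).values())]


if __name__ == "__main__":
    import sys
    # Usage: python audit_pe.py <module.dll> ...
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, pe_mitigations(f.read()))
```

Run it over the modules loaded into a browser process to see which ones opt out of either mitigation.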

MacDailyNews Take: Microsoft Windows is insecure? Who would’ve guessed?

Kelley continues, “While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, ‘the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.’”

Kelley reports, “‘This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,’ said Dai Zovi to SearchSecurity.com. ‘If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.’”

Full article here.

[Thanks to MacDailyNews Reader “Wingsy” for the heads up.]

Boom! Yet another reason, as if you needed one, to Get a Mac.

90 Comments

  1. “tapping the reserves, rules against price gouging, cracking down on speculators (most economists see them as the primary cause of current prices) stopping tax breaks for oil companies (cause yes, the repubs give tax breaks to companies that have record profits) and a tax break for people paid for by the oil companies tax break being removed.”

    None of these bills would have lowered gas prices.

    Tapping the reserves would probably be a good option, but it would not have a significant impact on gas prices since it’s not a long term solution.

    There are already laws against price gouging. To convict for price gouging you have to *prove* collusion to artificially keep prices high. Don’t think that will happen because there isn’t any evidence of this happening.

    “Cracking down” on speculators (whatever that means) would be extremely detrimental since speculators are an integral part of the commodities market. The speculation of high prices right now comes from the inevitable war with Iran. Go research the commodities market and the importance of speculators and get back to me.

    Lastly, if you think making oil companies pay more taxes will solve the problem, you’re again very wrong. The tax increases *will* trickle down to the consumer and in the end it will have no effect. These companies have armies of accountants that can make the numbers work any way they want to. Good luck with this one.

    I’m not a republican or a NeoCon, but these ideas are not going to work, and they just make the problem worse. Drilling will not solve it either as we won’t see the new oil in the market place for years. The only thing we can do right now is conserve. Use less gas. That’s it. The newer technologies will take time to come to market, but this is a rough ride we are going to have to endure for quite a while. There are no quick fixes and to think so is foolish.

  2. “The entire system becomes unresponsive (even the power button) the cpu goes to a 100% usage . . .”

    It’s not a bug. It’s a feature.

    “At the Wall Street Journal’s All Things Digital Conference, Bill Gates and Steve Ballmer said that Vista is not a failure and not a mistake, then provided a tantalizing demo of the new features in Windows 7.” (macobserver.com – May 28th, 2008)

  3. “There are no quick fixes and to think so is foolish.”

    Perhaps W. can convince Congress that the U.S. needs to approve a preemptive strike on all OPEC member nations. Don’t laugh. He’s just stupid enough to do it. You won’t see him talk when Cheney is drinking a glass of water.

  4. We seem to have a number of posters who think this is a political forum. Can we take the off-topic posts elsewhere, please? Thanks.

    Back on topic, this does indeed sound like yet another black eye for Vista – possibly its biggest one yet, coming as it does after Microsoft spent tons of money trying to (rather condescendingly) convince people that Vista isn’t as bad as it really is.

    “These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture.”

    If this is indeed true, it sounds like this is a problem unique to Vista, embedded in the fundamental way MS tried to secure the system’s underpinnings.

    That means no easy fixes – possibly even fixes which are not backwards-compatible. And they’re still planning to base Windows 7 on this mess? How long of a delay do you think this will cause in the Windows 7 release timeline? (Assuming they ever *do* ship Windows 7, of course.)

    My sense is that MS are putting their weight and efforts behind maintaining their MS Office near-monopoly (witness the recent ISO vote rigging for MSOOXML), whereas forward progress with Windows seems to be less of a priority for them.

    Maybe their backup plan is to roll back to the XP codebase, and just sell and maintain XP indefinitely? Sure seems like that’d be far less trouble than the mess they’ve created for themselves with Vista.

  5. If the Republicans are the Empire, Pelosi and the Democrats are the Jawas of the political universe.

    – from an adult hoping that he might see enlightened leadership in America before he dies.

    As for the topic of the thread, this news can hardly be a surprise.

  6. I just looked up exxon’s filings for the first half. They made 22 billion dollars. BILLION holy crap, and they only paid …. 62 billion in taxes. Freaking rich corporations!! The government should take them over!

  7. Ralph M,

    “- from an adult hoping that he might see enlightened leadership in America before he dies.”

    Well Ralph, unless that ‘M’ stands for Methuselah, you may as well kiss your ass goodbye right now. It ain’t gonna happen. Sorry.

  8. Perhaps the opposite of progress is not Congress but Microsoft. How many good ideas and how much forward momentum has been quashed by Microsoft’s underhanded means of lining their own pockets? Granted they have to deal with thousands of configurations of low-grade computer components made by almost every Tom, Dick and Sally but they cannot blame all of Vista’s or XP’s or any other Windows system’s problems on configurations alone. They have to take a look in the mirror, look at their codebase and actually trim out all the shit, patch the holes and make it work. Of course that’s about as likely as me winning the lottery. (Note to Billy and Stevie: if I do win the lottery, without buying a ticket, you guys better have also just done the aforementioned impossible task with your OS.)

    What I would enjoy seeing is if Apple did get OS X running on generic PC software (not to sell it) just to show up Microsoft. Do I think they will? Probably not because it could be very difficult to optimize for all the possible configurations but if anyone could do it, I believe it would be Apple. Microsoft’s promises are getting to be about as worn out as Pamela Anderson’s pussy and as believable as Snoop Dogg permanently quitting weed. So are their excuses.

  9. amyhre,

    Pamela Anderson’s pussy will never wear out. She had it surgically covered with Teflon coated Kevlar during her last boob job. American technology at its finest. Hoorah!

  10. “Microsoft’s promises are getting to be about as worn out as Pamela Anderson’s pussy and as believable as Snoop Dogg permanently quitting weed.”

    Poetry!


  11. Essentially this is a very big nail in the coffin of the dream that the Internet would be a safe place to play.

    – Remember when Java was ‘safe’ and could not do anything bad to your computer?
    – Remember how Netscape designed LiveScript (renamed ‘JavaScript’ for moronic marketing reasons) to be ‘safe’?
    – Remember how cookies were supposed to be ‘safe’?
    – Remember when Microsoft hadn’t muddied the water with their fetid claws? Before MS perpetrated ‘JScript’, proprietary fake ‘HTML’, the monstrosity called ‘FrontPage’ for creating websites that ONLY ran in IE?

    Meanwhile Windows users have even worse rubbish to worry about, the worst of which is ActiveX, a deliberately dangerous scripting system.

    Mr. Gates has left the building, just in time for it to cave in on itself.

  12. “Meanwhile Windows users have even worse rubbish to worry about, the worst of which is ActiveX, a deliberately dangerous scripting system.”

    And Apple allowed any random program to run as root without an admin password using ARDAgent. It looks like Apple is taking over Microsoft’s crown of most insecure software vendor, after all it took all of 2 minutes to hack the Mac in CanSecWest.

  13. OFT (Our Favorite Troll) anonymously sez:

    “And Apple allowed any random program to run as root without an admin password using ARDAgent.”

    Actually, the vulnerability was not specific to the ARD Agent. It was a flaw in the Open Scripting Architecture in Leopard. The vulnerability was repaired in Apple Security Update 2008-005.

    “It looks like Apple is taking over Microsoft’s crown of most insecure software vendor, after all it took all of 2 minutes to hack the Mac in CanSecWest.”

    Nice try OFT. But let’s get the facts straight.

    As of this moment, there is only 1 (ONE) viable piece of malware for Mac OS X. It is the ‘Porno Trojan’, aka ‘OSX.RSPlug.A’. It takes advantage of DNS services on client Mac machines. (Mac OS X Server was patched to stop the problem). Let’s compare that to the 200,000 or so malware for Windows, several of which are discovered every single day. So is Apple remotely close to claiming Microsoft’s crown for INSECURITY? Duh. (Watch OFT attempt to pull the ‘security by obscurity’ myth out of his orifice! HaHaHa!)

    As for the CanSecWest 2008 story, there is a bit more to the story than OFT was willing to say:

    The event in question was called “Hack a Mac”, aka “PWN2OWN”. The contest requires that the hackers involved use a ‘zero day’ attack, meaning that they use a hacking method heretofore unknown. You can read the results at:

    http://www.engadget.com/2008/03/27/pwn-2-own-over-macbook-air-gets-seized-in-2-minutes-flat/

    On the first day of the competition contestants are only allowed to hack the Mac via a direct network connection. No one even bothered to try this year as it is considered impossible.

    On the second day of the event the contestants are allowed to play the role of luser, meaning they can use any software provided with the computer out of the box to try to get the machine hacked from the client side of the computer. This is called ‘user assisted hacking’ and of course has very little relationship to real life. This year the luser/hacker connected to a website he had set up. Something on the website was able to infiltrate the Mac. The contest ends when the hacker is able to open and read a text file the judges have planted on the Mac. The words from the file are then repeated to the judges.

    The Day 2 contest took two minutes this year. The hack that was used has not been disclosed but is assumed to be related to Safari, potentially through a vulnerability in QuickTime (which has proven to be remarkably insecure this past year), Java or the mess named ‘JavaScript’. In the latter case, oddly enough, the vulnerability may be due to Microsoft’s own insecure contributions to ‘JavaScript’ known as ‘JScript’. Wouldn’t that be amusing! IOW, the vulnerability may be only partially related to Apple. We hopefully shall see.

    BTW: The Vista PC was also PWND, reportedly using a JAVA vulnerability.

    Only the Linux box at the contest remained un-PWND.

    http://www.engadget.com/2008/03/29/linux-becomes-only-os-to-escape-pwn-2-own-unscathed/

    Remember when JAVA was supposed to be the first ‘SECURE’ programming language?

    Remember when Vista was supposed to be the first ‘SECURE’ version of Windows?
