littleguru said:
corona_coder said:
*snip*
Have you never thought that this exploit could just as easily be converted to work on the Mac or Linux platform since they use similar algorithms to protect their memory...

Have you only thought for one second that they showed it for the Windows platform because that's the one most users work on...
Indeed. This attack spans platforms. Vista gets the honor of being targeted in the article because, well, it's Vista and we're Microsoft... There's a fundamental flaw in all general purpose operating system architectures since they are all pretty much composed in the same way (from an OS perspective, Mac, Linux, Windows are all similar, architecturally - based on a 70s era OS model...)

The issue here is that all browsers run code from any number of untrusted Internet sources. The fact that you can corrupt memory using JavaScript running in a browser goes back to what many have believed for a long time: The Internet is fundamentally broken from a security point of view and JavaScript is one big security flaw...

This is not about Vista being insecure. It's about a much bigger problem that spans all platforms: The Internet is a dangerous place and when you run random code from some random source in a client like a web browser, well, bad things can happen.

More interesting is how to fix this. How do we, as an industry, make browsing the Internet fundamentally safe while at the same time allowing for in-browser (in process) innovations that require system resources and access to client componentry? Apparently, we have more work to do. Nobody at Microsoft thinks that "since they are .NET objects running in the browser, they are safe", as the article suggests. Many people understand that any application that exposes a user to the Internet and also runs code from the Internet can be used as an attack vector...

This article is an eye opener for the industry. Microsoft, as always, is used as an example for obvious reasons, but, again, this issue spans platforms.

C