Coffeehouse Thread

53 posts

Vista's Security Rendered Completely Useless By New Exploit

  • corona_coder

    I'm surprised, yet not, that no one has mentioned this.

    Vista is the new ME, and when the details of this exploit are made public, Microsoft and Windows are finally done for. Get those Ubuntu or OpenSUSE CDs ready; it's the only way you will be computing.

    My favorite line: This is completely GAME OVER.

    Windows Marketshare today, 90%

    Windows Marketshare when exploit is released, 2%

    You will always have someone who will stay with the ship and I expect most 9'ers to be the Band that plays while the ship goes down.

  • blowdart

    Sorry, how many times have you said something is the final straw for Windows?

    As an aside it's interesting it's a browser exploit and doesn't, for a change, seem limited to IE. A bit worrying that the SRC didn't have a response; but it looks like the researchers aren't being that responsible in disclosure. Oh well.

  • DCMonkey

    fap fap fap fap

    And we'll still have twice the marketshare you have on the desktop

    FOAD

  • Dovella


  • Sven Groot

    It sounds pretty unbelievable to me. To make good on some of the claims made in the article they'd have to bypass not only Vista's security, but also the virtual memory system of the CPU. Unless their exploit can load code into the kernel, that seems unlikely.

    Whatever the case, I'll be interested to see what they've come up with. But until I've seen them in action I have my reservations about things being as bad as the article claims.

  • stevo_

    Sven Groot said:
    It sounds pretty unbelievable to me. To make good on some of the claims made in the article they'd have to bypass not only Vista's security, but also the virtual memory system of the CPU. Unless their exploit can load code into the kernel, that seems unlikely.

    Whatever the case, I'll be interested to see what they've come up with. But until I've seen them in action I have my reservations about things being as bad as the article claims.
    If it's anything like all the other killer Vista/Windows exploits, it'll just be a "YEA ITS COMING, JUST YOU WAIT!"... and yeah, still waiting.

  • MasterPi

    Sven Groot said:
    It sounds pretty unbelievable to me. To make good on some of the claims made in the article they'd have to bypass not only Vista's security, but also the virtual memory system of the CPU. Unless their exploit can load code into the kernel, that seems unlikely.

    Whatever the case, I'll be interested to see what they've come up with. But until I've seen them in action I have my reservations about things being as bad as the article claims.


    I don't know... it seems like yet another exploit in which the user would have to go through a number of precise steps before the darn exploit can work. And the bit about MS not being able to do anything... I'm pretty sure a patch or a few patches would fix this.


    Also, what's Corona doing on neowin?

  • androidi

    Well, I went through the paper, and assuming the facts are correct it does seem to level some of the protections for now. Much of it seems to rely on filling memory with the exploit code repeatedly in large amounts, which is a bit suspect but might be hard to catch given that there are likely many ways that could be achieved (few of which were detailed in the paper).

    These technical black hat-ey things IMHO are less of a problem than plain ordinary trojans that you get from a trusted party. Users really shouldn't have to have any technical skills to, say, determine if some random app decides to turn up your microphone gain and record everything you say in the background, or snap pics on your webcam, etc. For example, there was just a story that a computer technician put a webcam spy program on a computer during maintenance. If the webcam didn't have a light that went on and slowed the computer when it was recording, the user might not have noticed this. I think that's an unacceptable and solvable problem: any changes the maintenance technician made on the computer should leave a trace that can be compared to another existing trace on the Microsoft/OS provider's servers to see whether unwanted behaviour was added. All points of access to input devices should be controlled through a verifiable path. Not much unlike the DRM concepts in Vista at first sight, but instead of preventing the user from using the computer to copy data, these concepts should be used to put the user in control of the data and the computer, the complete opposite of DRM.

  • figuerres

    Yawn, nothing to see here...

  • corona_coder

    Sven Groot said:
    It sounds pretty unbelievable to me. To make good on some of the claims made in the article they'd have to bypass not only Vista's security, but also the virtual memory system of the CPU. Unless their exploit can load code into the kernel, that seems unlikely.

    Whatever the case, I'll be interested to see what they've come up with. But until I've seen them in action I have my reservations about things being as bad as the article claims.
    They put up a paper and some exploit code, and from what I understand from the researchers, this is a very simple exploit to throw out to the public and very simple to use to execute an attack on ANYONE running Windows Vista and possibly XP SP2 and Server 2003. Also, Linux and Mac users, as always, are safe. This just shows bad development and lack of competence on the Windows development team.

    Enjoy Windows while it lasts, because it's about to go away.


  • matthews

    corona_coder said:
    Sven Groot said:
    *snip*
    They put up a paper and some exploit code, and from what I understand from the researchers, this is a very simple exploit to throw out to the public and very simple to use to execute an attack on ANYONE running Windows Vista and possibly XP SP2 and Server 2003. Also, Linux and Mac users, as always, are safe. This just shows bad development and lack of competence on the Windows development team.

    Enjoy Windows while it lasts, because it's about to go away.


    Typical raving mad lusers.

  • Lloyd_Humph

    corona_coder said:
    Sven Groot said:
    *snip*
    They put up a paper and some exploit code, and from what I understand from the researchers, this is a very simple exploit to throw out to the public and very simple to use to execute an attack on ANYONE running Windows Vista and possibly XP SP2 and Server 2003. Also, Linux and Mac users, as always, are safe. This just shows bad development and lack of competence on the Windows development team.

    Enjoy Windows while it lasts, because it's about to go away.


    No, Mac users and Linux users are not safe. I read somewhere (will find the source soon) that it could easily be applied to OS X and Linux.

    So once again, you're wrong. It's just out on Vista because of the Black Hat thing, and that's the machine they chose to test it on. They could've easily done it on any other one.

    Gizmodo:
    Presented by Mark Dowd and Alexander Sotirov, of IBM and VMware, respectively, the exploit negates key security features such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), which make it difficult to locate and execute code and data. And apparently this exploit is so broad and game changing that it could be applied to other platforms.
     

    If Blackberrys are addictive cellphones, Channel9 is the ultimate addictive website.
  • littleguru

    corona_coder said:
    Sven Groot said:
    *snip*
    They put up a paper and some exploit code, and from what I understand from the researchers, this is a very simple exploit to throw out to the public and very simple to use to execute an attack on ANYONE running Windows Vista and possibly XP SP2 and Server 2003. Also, Linux and Mac users, as always, are safe. This just shows bad development and lack of competence on the Windows development team.

    Enjoy Windows while it lasts, because it's about to go away.


    Have you never thought that this exploit could just as easily be converted to work on the Mac or Linux platform, since they use similar algorithms to protect their memory...

    Have you only thought for one second that they showed it for the Windows platform because that's the one most users work on...

  • blowdart

    Lloyd_Humph said:
    corona_coder said:
    *snip*
    No, Mac users and Linux users are not safe. I read somewhere (will find the source soon) that it could easily be applied to OS X and Linux.

    So once again, you're wrong. It's just out on Vista because of the Black Hat thing, and that's the machine they chose to test it on. They could've easily done it on any other one.

    Gizmodo:
    Presented by Mark Dowd and Alexander Sotirov, of IBM and VMware, respectively, the exploit negates key security features such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), which make it difficult to locate and execute code and data. And apparently this exploit is so broad and game changing that it could be applied to other platforms.
     
    http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

    Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

    "This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon, sort of like heap spraying was."


  • littleguru

    In the paper they say that they have found a way to corrupt memory, but they need a process with higher rights to execute that corrupted memory; otherwise they can't damage the system (buffer overflows).

    Now IE runs in Vista with low rights (IE protected mode). If they are able to make IE execute the code, they can't do much with it: the IE process doesn't see the file system as it is, nor is the code that is executed within the IE process able to alter or corrupt system files or user files.

    The paper says nothing about how or if they break out of the IE sandbox. They probably haven't found a way to do it; otherwise they would have added that too, seeing how many different ways of attack they address and describe in their paper.

    I'm really curious about the response from our security guys...

  • Charles

    littleguru said:
    corona_coder said:
    *snip*
    Have you never thought that this exploit could just as easily be converted to work on the Mac or Linux platform, since they use similar algorithms to protect their memory...

    Have you only thought for one second that they showed it for the Windows platform because that's the one most users work on...
    Indeed. This attack spans platforms. Vista gets the honor of being targeted in the article because, well, it's Vista and we're Microsoft... There's a fundamental flaw in all general purpose operating system architectures since they are all pretty much composed in the same way (from an OS perspective, Mac, Linux, Windows are all similar, architecturally - based on a 70s era OS model...)

    The issue here is that all browsers run code from any number of untrusted Internet sources. The fact that you can corrupt memory using Javascript running in a browser goes back to what many have believed for a long time: The Internet is fundamentally broken from a security point of view and Javascript is one big security flaw...

    This is not about Vista being insecure. It's about a much bigger problem that spans all platforms: The Internet is a dangerous place and when you run random code from some random source in a client like a web browser, well, bad things can happen.

    More interesting is how to fix this. How do we, as an industry, make browsing the Internet fundamentally safe while at the same time allowing for in-browser (in process) innovations that require system resources and access to client componentry? Apparently, we have more work to do. Nobody at Microsoft thinks that "since they are .NET objects running in the browser, they are safe", as the article suggests. Many people understand that any application that exposes a user to the Internet and also runs code from the Internet can be used as an attack vector...

    This article is an eye opener for the industry. Microsoft, as always, is used as an example for obvious reasons, but, again, this issue spans platforms.

    C

  • littleguru

    Charles said:
    littleguru said:
    *snip*
    Indeed. This attack spans platforms. Vista gets the honor of being targeted in the article because, well, it's Vista and we're Microsoft... There's a fundamental flaw in all general purpose operating system architectures since they are all pretty much composed in the same way (from an OS perspective, Mac, Linux, Windows are all similar, architecturally - based on a 70s era OS model...)

    The issue here is that all browsers run code from any number of untrusted Internet sources. The fact that you can corrupt memory using Javascript running in a browser goes back to what many have believed for a long time: The Internet is fundamentally broken from a security point of view and Javascript is one big security flaw...

    This is not about Vista being insecure. It's about a much bigger problem that spans all platforms: The Internet is a dangerous place and when you run random code from some random source in a client like a web browser, well, bad things can happen.

    More interesting is how to fix this. How do we, as an industry, make browsing the Internet fundamentally safe while at the same time allowing for in-browser (in process) innovations that require system resources and access to client componentry? Apparently, we have more work to do. Nobody at Microsoft thinks that "since they are .NET objects running in the browser, they are safe", as the article suggests. Many people understand that any application that exposes a user to the Internet and also runs code from the Internet can be used as an attack vector...

    This article is an eye opener for the industry. Microsoft, as always, is used as an example for obvious reasons, but, again, this issue spans platforms.

    C
    Actually, I have to disagree with the reasons why they chose Vista to demonstrate the flaws.

    What would be the impact if they said: "Linux is vulnerable to this."? Well, I would have read over it and thought: "yeah, nice to know, but doesn't really bother me," and so would 95%+ of all other readers.

    But when they say: "Windows Vista and probably XP are vulnerable to it," then it's getting interesting. Millions of people run that operating system on a daily basis. All of them now have a big problem... wow! That's something that gives them fame and glory.

  • Charles

    littleguru said:
    Charles said:
    *snip*
    Actually, I have to disagree with the reasons why they chose Vista to demonstrate the flaws.

    What would be the impact if they said: "Linux is vulnerable to this."? Well, I would have read over it and thought: "yeah, nice to know, but doesn't really bother me," and so would 95%+ of all other readers.

    But when they say: "Windows Vista and probably XP are vulnerable to it," then it's getting interesting. Millions of people run that operating system on a daily basis. All of them now have a big problem... wow! That's something that gives them fame and glory.
    Well, that's what I implied. :) I agree.

    C
