Windows Vista Vista's Security Rendered Completely Useless by New Exploit

  • Thread starter Thread starter Warp 10
  • Start date Start date
W

Warp 10

Guest
I guess the LIE that vista is more secure than windows XP has gone down the
drain....


http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit

This week at the Black Hat Security Conference two security researchers will
discuss their findings which could completely bring Windows Vista to its
knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of
VMware Inc. have discovered a technique that can be used to bypass all
memory protection safeguards that Microsoft built into Windows Vista. These
new methods have been used to get around Vista's Address Space Layout
Randomization (ASLR), Data Execution Prevention (DEP) and other protections
by loading malicious content through an active web browser. The researchers
were able to load whatever content they wanted into any location they wished
on a user's machine using a variety of scripting languages, such as Java,
ActiveX and even .NET objects. This feat was achieved by taking advantage of
the way that Internet Explorer (and other browsers) handle active scripting
in the Operating System.

While this may seem like any standard security hole, other researchers say
that the work is a major breakthrough and there is very little that
Microsoft can do to fix the problems. These attacks work differently than
other security exploits, as they aren't based on any new Windows
vulnerabilities, but instead take advantage of the way Microsoft chose to
guard Vista's fundamental architecture. According to Dino Dai Zovi, a
popular security researcher, "the genius of this is that it's completely
reusable. They have attacks that let them load chosen content to a chosen
location with chosen permissions. That's completely game over."

According to Microsoft, many of the defenses added to Windows Vista (and
Windows Server 2008) were added to stop all host-based attacks. For example,
ASLR is meant to stop attackers from predicting key memory addresses by
randomly moving a process' stack, heap and libraries. While this technique
is very useful against memory corruption attacks, it would be rendered
useless against Dowd and Sotirov's new method. "This stuff just takes a
knife to a large part of the security mesh Microsoft built into Vista," said
Dai Zovi. "If you think about the fact that .NET loads DLLs into the browser
itself and then Microsoft assumes they're safe because they're .NET objects,
you see that Microsoft didn't think about the idea that these could be used
as stepping stones for other attacks. This is a real tour de force."

While Microsoft hasn't officially responded to the findings, Mike Reavey,
group manager of the Microsoft Security Response Center, said the company
has been aware of the research and is very interested to see it once it has
been made public. It currently isn't known whether these exploits can be
used against older Microsoft Operating Systems, such as Windows XP and
Windows Server 2003, but since these techniques do not rely on any one
specific vulnerability, Zovi believes that we may suddenly see many similar
techniques applied to other platforms or environments. "This is not insanely
technical. These two guys are capable of the really low-level technical
attacks, but this is simple and reusable," Dai Zovi said. "I definitely
think this will get reused soon."

These techniques are being seen as an advance that many in the security
community say will have far-reaching implications not only for Microsoft,
but also on how the entire technology industry thinks about attacks. Expect
to be hearing more about this in the near future and possibly being faced
with the prospect of your "secure" server being stripped completely naked of
all its protection.

Link: Black Hat Security Conference
Link: How To Impress Girls With Browser Memory Protection Bypasses
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Keep on with your LIES! Fact is that the least number of attacks are on
Vista systems. And for the rest: go to another newsgroup! This does not
belong here!

"Warp 10" <warpe@ro.com> schreef in bericht
news:489c1a0e@newsgate.x-privat.org...
> I guess the LIE that vista is more secure than windows XP has gone down
> the drain....
>
>
> http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit
>
> This week at the Black Hat Security Conference two security researchers
> will discuss their findings which could completely bring Windows Vista to
> its knees.
>
> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of
> VMware Inc. have discovered a technique that can be used to bypass all
> memory protection safeguards that Microsoft built into Windows Vista.
> These new methods have been used to get around Vista's Address Space
> Layout Randomization (ASLR), Data Execution Prevention (DEP) and other
> protections by loading malicious content through an active web browser.
> The researchers were able to load whatever content they wanted into any
> location they wished on a user's machine using a variety of scripting
> languages, such as Java, ActiveX and even .NET objects. This feat was
> achieved by taking advantage of the way that Internet Explorer (and other
> browsers) handle active scripting in the Operating System.
>
> While this may seem like any standard security hole, other researchers say
> that the work is a major breakthrough and there is very little that
> Microsoft can do to fix the problems. These attacks work differently than
> other security exploits, as they aren't based on any new Windows
> vulnerabilities, but instead take advantage of the way Microsoft chose to
> guard Vista's fundamental architecture. According to Dino Dai Zovi, a
> popular security researcher, "the genius of this is that it's completely
> reusable. They have attacks that let them load chosen content to a chosen
> location with chosen permissions. That's completely game over."
>
> According to Microsoft, many of the defenses added to Windows Vista (and
> Windows Server 2008) were added to stop all host-based attacks. For
> example, ASLR is meant to stop attackers from predicting key memory
> addresses by randomly moving a process' stack, heap and libraries. While
> this technique is very useful against memory corruption attacks, it would
> be rendered useless against Dowd and Sotirov's new method. "This stuff
> just takes a knife to a large part of the security mesh Microsoft built
> into Vista," said Dai Zovi. "If you think about the fact that .NET loads
> DLLs into the browser itself and then Microsoft assumes they're safe
> because they're .NET objects, you see that Microsoft didn't think about
> the idea that these could be used as stepping stones for other attacks.
> This is a real tour de force."
>
> While Microsoft hasn't officially responded to the findings, Mike Reavey,
> group manager of the Microsoft Security Response Center, said the company
> has been aware of the research and is very interested to see it once it
> has been made public. It currently isn't known whether these exploits can
> be used against older Microsoft Operating Systems, such as Windows XP and
> Windows Server 2003, but since these techniques do not rely on any one
> specific vulnerability, Zovi believes that we may suddenly see many
> similar techniques applied to other platforms or environments. "This is
> not insanely technical. These two guys are capable of the really low-level
> technical attacks, but this is simple and reusable," Dai Zovi said. "I
> definitely think this will get reused soon."
>
> These techniques are being seen as an advance that many in the security
> community say will have far-reaching implications not only for Microsoft,
> but also on how the entire technology industry thinks about attacks.
> Expect to be hearing more about this in the near future and possibly being
> faced with the prospect of your "secure" server being stripped completely
> naked of all its protection.
>
> Link: Black Hat Security Conference
> Link: How To Impress Girls With Browser Memory Protection Bypasses
 
Re: Vista's Security Rendered Completely Useless by New Exploit

what does not belong here?

An article about vista does not belong here?

Are you nuts?

Wait, no need to answer, I already know the answer to that question! LOL




"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
news:OCXBQoU#IHA.4320@TK2MSFTNGP04.phx.gbl...
> Keep on with your LIES! Fact is that the least number of attacks are on
> Vista systems. And for the rest: go to another newsgroup! This does not
> belong here!
>
> "Warp 10" <warpe@ro.com> schreef in bericht
> news:489c1a0e@newsgate.x-privat.org...
>> I guess the LIE that vista is more secure than windows XP has gone down
>> the drain....
>>
>>
>> http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit
>>
>> This week at the Black Hat Security Conference two security researchers
>> will discuss their findings which could completely bring Windows Vista to
>> its knees.
>>
>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>> of VMware Inc. have discovered a technique that can be used to bypass all
>> memory protection safeguards that Microsoft built into Windows Vista.
>> These new methods have been used to get around Vista's Address Space
>> Layout Randomization (ASLR), Data Execution Prevention (DEP) and other
>> protections by loading malicious content through an active web browser.
>> The researchers were able to load whatever content they wanted into any
>> location they wished on a user's machine using a variety of scripting
>> languages, such as Java, ActiveX and even .NET objects. This feat was
>> achieved by taking advantage of the way that Internet Explorer (and other
>> browsers) handle active scripting in the Operating System.
>>
>> While this may seem like any standard security hole, other researchers
>> say that the work is a major breakthrough and there is very little that
>> Microsoft can do to fix the problems. These attacks work differently than
>> other security exploits, as they aren't based on any new Windows
>> vulnerabilities, but instead take advantage of the way Microsoft chose to
>> guard Vista's fundamental architecture. According to Dino Dai Zovi, a
>> popular security researcher, "the genius of this is that it's completely
>> reusable. They have attacks that let them load chosen content to a chosen
>> location with chosen permissions. That's completely game over."
>>
>> According to Microsoft, many of the defenses added to Windows Vista (and
>> Windows Server 2008) were added to stop all host-based attacks. For
>> example, ASLR is meant to stop attackers from predicting key memory
>> addresses by randomly moving a process' stack, heap and libraries. While
>> this technique is very useful against memory corruption attacks, it would
>> be rendered useless against Dowd and Sotirov's new method. "This stuff
>> just takes a knife to a large part of the security mesh Microsoft built
>> into Vista," said Dai Zovi. "If you think about the fact that .NET loads
>> DLLs into the browser itself and then Microsoft assumes they're safe
>> because they're .NET objects, you see that Microsoft didn't think about
>> the idea that these could be used as stepping stones for other attacks.
>> This is a real tour de force."
>>
>> While Microsoft hasn't officially responded to the findings, Mike Reavey,
>> group manager of the Microsoft Security Response Center, said the company
>> has been aware of the research and is very interested to see it once it
>> has been made public. It currently isn't known whether these exploits can
>> be used against older Microsoft Operating Systems, such as Windows XP and
>> Windows Server 2003, but since these techniques do not rely on any one
>> specific vulnerability, Zovi believes that we may suddenly see many
>> similar techniques applied to other platforms or environments. "This is
>> not insanely technical. These two guys are capable of the really
>> low-level technical attacks, but this is simple and reusable," Dai Zovi
>> said. "I definitely think this will get reused soon."
>>
>> These techniques are being seen as an advance that many in the security
>> community say will have far-reaching implications not only for Microsoft,
>> but also on how the entire technology industry thinks about attacks.
>> Expect to be hearing more about this in the near future and possibly
>> being faced with the prospect of your "secure" server being stripped
>> completely naked of all its protection.
>>
>> Link: Black Hat Security Conference
>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Flaming Vista and its users don't belong here, troll! For lies about Vista
are other groups. Try to find newsgroups with the subject flame and piss off
here.



"Warp 10" <warpe@ro.com> schreef in bericht
news:489c5069@newsgate.x-privat.org...
> what does not belong here?
>
> An article about vista does not belong here?
>
> Are you nuts?
>
> Wait, no need to answer, I already know the answer to that question! LOL
>
>
>
>
> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
> news:OCXBQoU#IHA.4320@TK2MSFTNGP04.phx.gbl...
>> Keep on with your LIES! Fact is that the least number of attacks are on
>> Vista systems. And for the rest: go to another newsgroup! This does not
>> belong here!
>>
>> "Warp 10" <warpe@ro.com> schreef in bericht
>> news:489c1a0e@newsgate.x-privat.org...
>>> I guess the LIE that vista is more secure than windows XP has gone down
>>> the drain....
>>>
>>>
>>> http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit
>>>
>>> This week at the Black Hat Security Conference two security researchers
>>> will discuss their findings which could completely bring Windows Vista
>>> to its knees.
>>>
>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>>> of VMware Inc. have discovered a technique that can be used to bypass
>>> all memory protection safeguards that Microsoft built into Windows
>>> Vista. These new methods have been used to get around Vista's Address
>>> Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and
>>> other protections by loading malicious content through an active web
>>> browser. The researchers were able to load whatever content they wanted
>>> into any location they wished on a user's machine using a variety of
>>> scripting languages, such as Java, ActiveX and even .NET objects. This
>>> feat was achieved by taking advantage of the way that Internet Explorer
>>> (and other browsers) handle active scripting in the Operating System.
>>>
>>> While this may seem like any standard security hole, other researchers
>>> say that the work is a major breakthrough and there is very little that
>>> Microsoft can do to fix the problems. These attacks work differently
>>> than other security exploits, as they aren't based on any new Windows
>>> vulnerabilities, but instead take advantage of the way Microsoft chose
>>> to guard Vista's fundamental architecture. According to Dino Dai Zovi, a
>>> popular security researcher, "the genius of this is that it's completely
>>> reusable. They have attacks that let them load chosen content to a
>>> chosen location with chosen permissions. That's completely game over."
>>>
>>> According to Microsoft, many of the defenses added to Windows Vista (and
>>> Windows Server 2008) were added to stop all host-based attacks. For
>>> example, ASLR is meant to stop attackers from predicting key memory
>>> addresses by randomly moving a process' stack, heap and libraries. While
>>> this technique is very useful against memory corruption attacks, it
>>> would be rendered useless against Dowd and Sotirov's new method. "This
>>> stuff just takes a knife to a large part of the security mesh Microsoft
>>> built into Vista," said Dai Zovi. "If you think about the fact that .NET
>>> loads DLLs into the browser itself and then Microsoft assumes they're
>>> safe because they're .NET objects, you see that Microsoft didn't think
>>> about the idea that these could be used as stepping stones for other
>>> attacks. This is a real tour de force."
>>>
>>> While Microsoft hasn't officially responded to the findings, Mike
>>> Reavey, group manager of the Microsoft Security Response Center, said
>>> the company has been aware of the research and is very interested to see
>>> it once it has been made public. It currently isn't known whether these
>>> exploits can be used against older Microsoft Operating Systems, such as
>>> Windows XP and Windows Server 2003, but since these techniques do not
>>> rely on any one specific vulnerability, Zovi believes that we may
>>> suddenly see many similar techniques applied to other platforms or
>>> environments. "This is not insanely technical. These two guys are
>>> capable of the really low-level technical attacks, but this is simple
>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>> soon."
>>>
>>> These techniques are being seen as an advance that many in the security
>>> community say will have far-reaching implications not only for
>>> Microsoft, but also on how the entire technology industry thinks about
>>> attacks. Expect to be hearing more about this in the near future and
>>> possibly being faced with the prospect of your "secure" server being
>>> stripped completely naked of all its protection.
>>>
>>> Link: Black Hat Security Conference
>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>
 
Re: Vista's Security Rendered Completely Useless by New Exploit

"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in
news:eNei$hW#IHA.4912@TK2MSFTNGP04.phx.gbl:

> Flaming Vista and its users don't belong here, troll! For lies about
> Vista are other groups. Try to find newsgroups with the subject flame
> and piss off here.

I saw no groups with 'flame' AND Vista in the title, and the article was
not 'flaming' Vista, nor were there any lies. Do you have any idea what
'flaming' means in the context of the internet ? (And it's got nothing to
do with a lifestyle choice.)

The OP was absolutely on-topic, as reporting what could be a major flaw in
Vista security.
 
Re: Vista's Security Rendered Completely Useless by New Exploit

where exactly is the point where I flame vista users?

because I am telling the truth that vista is not really more secure than xp
and its just a myth to sell more vista copies?

You don't seem able to handle the truth, or if you don't like calling it the
truth at least call it other peoples opinions...

if you want a newsgroup dictatorship where people only love vista make your
own moderated forum...

if not, stay here but be more flexible

because vista is really ****



"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
news:eNei$hW#IHA.4912@TK2MSFTNGP04.phx.gbl...
> Flaming Vista and its users don't belong here, troll! For lies about Vista
> are other groups. Try to find newsgroups with the subject flame and piss
> off here.
>
>
>
> "Warp 10" <warpe@ro.com> schreef in bericht
> news:489c5069@newsgate.x-privat.org...
>> what does not belong here?
>>
>> An article about vista does not belong here?
>>
>> Are you nuts?
>>
>> Wait, no need to answer, I already know the answer to that question! LOL
>>
>>
>>
>>
>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>> news:OCXBQoU#IHA.4320@TK2MSFTNGP04.phx.gbl...
>>> Keep on with your LIES! Fact is that the least number of attacks are on
>>> Vista systems. And for the rest: go to another newsgroup! This does not
>>> belong here!
>>>
>>> "Warp 10" <warpe@ro.com> schreef in bericht
>>> news:489c1a0e@newsgate.x-privat.org...
>>>> I guess the LIE that vista is more secure than windows XP has gone down
>>>> the drain....
>>>>
>>>>
>>>> http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit
>>>>
>>>> This week at the Black Hat Security Conference two security researchers
>>>> will discuss their findings which could completely bring Windows Vista
>>>> to its knees.
>>>>
>>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>>>> of VMware Inc. have discovered a technique that can be used to bypass
>>>> all memory protection safeguards that Microsoft built into Windows
>>>> Vista. These new methods have been used to get around Vista's Address
>>>> Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and
>>>> other protections by loading malicious content through an active web
>>>> browser. The researchers were able to load whatever content they wanted
>>>> into any location they wished on a user's machine using a variety of
>>>> scripting languages, such as Java, ActiveX and even .NET objects. This
>>>> feat was achieved by taking advantage of the way that Internet Explorer
>>>> (and other browsers) handle active scripting in the Operating System.
>>>>
>>>> While this may seem like any standard security hole, other researchers
>>>> say that the work is a major breakthrough and there is very little that
>>>> Microsoft can do to fix the problems. These attacks work differently
>>>> than other security exploits, as they aren't based on any new Windows
>>>> vulnerabilities, but instead take advantage of the way Microsoft chose
>>>> to guard Vista's fundamental architecture. According to Dino Dai Zovi,
>>>> a popular security researcher, "the genius of this is that it's
>>>> completely reusable. They have attacks that let them load chosen
>>>> content to a chosen location with chosen permissions. That's completely
>>>> game over."
>>>>
>>>> According to Microsoft, many of the defenses added to Windows Vista
>>>> (and Windows Server 2008) were added to stop all host-based attacks.
>>>> For example, ASLR is meant to stop attackers from predicting key memory
>>>> addresses by randomly moving a process' stack, heap and libraries.
>>>> While this technique is very useful against memory corruption attacks,
>>>> it would be rendered useless against Dowd and Sotirov's new method.
>>>> "This stuff just takes a knife to a large part of the security mesh
>>>> Microsoft built into Vista," said Dai Zovi. "If you think about the
>>>> fact that .NET loads DLLs into the browser itself and then Microsoft
>>>> assumes they're safe because they're .NET objects, you see that
>>>> Microsoft didn't think about the idea that these could be used as
>>>> stepping stones for other attacks. This is a real tour de force."
>>>>
>>>> While Microsoft hasn't officially responded to the findings, Mike
>>>> Reavey, group manager of the Microsoft Security Response Center, said
>>>> the company has been aware of the research and is very interested to
>>>> see it once it has been made public. It currently isn't known whether
>>>> these exploits can be used against older Microsoft Operating Systems,
>>>> such as Windows XP and Windows Server 2003, but since these techniques
>>>> do not rely on any one specific vulnerability, Zovi believes that we
>>>> may suddenly see many similar techniques applied to other platforms or
>>>> environments. "This is not insanely technical. These two guys are
>>>> capable of the really low-level technical attacks, but this is simple
>>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>>> soon."
>>>>
>>>> These techniques are being seen as an advance that many in the security
>>>> community say will have far-reaching implications not only for
>>>> Microsoft, but also on how the entire technology industry thinks about
>>>> attacks. Expect to be hearing more about this in the near future and
>>>> possibly being faced with the prospect of your "secure" server being
>>>> stripped completely naked of all its protection.
>>>>
>>>> Link: Black Hat Security Conference
>>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>>
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Prove what you say. Otherwise keep your mouth shut!


"Warp 10" <warpe@ro.com> schreef in bericht
news:489c75ea$1@newsgate.x-privat.org...
> where exactly is the point where I flame vista users?
>
> because I am telling the truth that vista is not really more secure than
> xp and its just a myth to sell more vista copies?
>
> You don't seem able to handle the truth, or if you don't like calling it
> the truth at least call it other peoples opinions...
>
> if you want a newsgroup dictatorship where people only love vista make
> your own moderated forum...
>
> if not, stay here but be more flexible
>
> because vista is really ****
>
>
>
> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
> news:eNei$hW#IHA.4912@TK2MSFTNGP04.phx.gbl...
>> Flaming Vista and its users don't belong here, troll! For lies about
>> Vista are other groups. Try to find newsgroups with the subject flame and
>> piss off here.
>>
>>
>>
>> "Warp 10" <warpe@ro.com> schreef in bericht
>> news:489c5069@newsgate.x-privat.org...
>>> what does not belong here?
>>>
>>> An article about vista does not belong here?
>>>
>>> Are you nuts?
>>>
>>> Wait, no need to answer, I already know the answer to that question! LOL
>>>
>>>
>>>
>>>
>>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>>> news:OCXBQoU#IHA.4320@TK2MSFTNGP04.phx.gbl...
>>>> Keep on with your LIES! Fact is that the least number of attacks are on
>>>> Vista systems. And for the rest: go to another newsgroup! This does not
>>>> belong here!
>>>>
>>>> "Warp 10" <warpe@ro.com> schreef in bericht
>>>> news:489c1a0e@newsgate.x-privat.org...
>>>>> I guess the LIE that vista is more secure than windows XP has gone
>>>>> down the drain....
>>>>>
>>>>>
>>>>> http://www.neowin.net/news/main/08/...ty-rendered-completely-useless-by-new-exploit
>>>>>
>>>>> This week at the Black Hat Security Conference two security
>>>>> researchers will discuss their findings which could completely bring
>>>>> Windows Vista to its knees.
>>>>>
>>>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander
>>>>> Sotirov, of VMware Inc. have discovered a technique that can be used
>>>>> to bypass all memory protection safeguards that Microsoft built into
>>>>> Windows Vista. These new methods have been used to get around Vista's
>>>>> Address Space Layout Randomization (ASLR), Data Execution Prevention
>>>>> (DEP) and other protections by loading malicious content through an
>>>>> active web browser. The researchers were able to load whatever content
>>>>> they wanted into any location they wished on a user's machine using a
>>>>> variety of scripting languages, such as Java, ActiveX and even .NET
>>>>> objects. This feat was achieved by taking advantage of the way that
>>>>> Internet Explorer (and other browsers) handle active scripting in the
>>>>> Operating System.
>>>>>
>>>>> While this may seem like any standard security hole, other researchers
>>>>> say that the work is a major breakthrough and there is very little
>>>>> that Microsoft can do to fix the problems. These attacks work
>>>>> differently than other security exploits, as they aren't based on any
>>>>> new Windows vulnerabilities, but instead take advantage of the way
>>>>> Microsoft chose to guard Vista's fundamental architecture. According
>>>>> to Dino Dai Zovi, a popular security researcher, "the genius of this
>>>>> is that it's completely reusable. They have attacks that let them load
>>>>> chosen content to a chosen location with chosen permissions. That's
>>>>> completely game over."
>>>>>
>>>>> According to Microsoft, many of the defenses added to Windows Vista
>>>>> (and Windows Server 2008) were added to stop all host-based attacks.
>>>>> For example, ASLR is meant to stop attackers from predicting key
>>>>> memory addresses by randomly moving a process' stack, heap and
>>>>> libraries. While this technique is very useful against memory
>>>>> corruption attacks, it would be rendered useless against Dowd and
>>>>> Sotirov's new method. "This stuff just takes a knife to a large part
>>>>> of the security mesh Microsoft built into Vista," said Dai Zovi. "If
>>>>> you think about the fact that .NET loads DLLs into the browser itself
>>>>> and then Microsoft assumes they're safe because they're .NET objects,
>>>>> you see that Microsoft didn't think about the idea that these could be
>>>>> used as stepping stones for other attacks. This is a real tour de
>>>>> force."
>>>>>
>>>>> While Microsoft hasn't officially responded to the findings, Mike
>>>>> Reavey, group manager of the Microsoft Security Response Center, said
>>>>> the company has been aware of the research and is very interested to
>>>>> see it once it has been made public. It currently isn't known whether
>>>>> these exploits can be used against older Microsoft Operating Systems,
>>>>> such as Windows XP and Windows Server 2003, but since these techniques
>>>>> do not rely on any one specific vulnerability, Zovi believes that we
>>>>> may suddenly see many similar techniques applied to other platforms or
>>>>> environments. "This is not insanely technical. These two guys are
>>>>> capable of the really low-level technical attacks, but this is simple
>>>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>>>> soon."
>>>>>
>>>>> These techniques are being seen as an advance that many in the
>>>>> security community say will have far-reaching implications not only
>>>>> for Microsoft, but also on how the entire technology industry thinks
>>>>> about attacks. Expect to be hearing more about this in the near future
>>>>> and possibly being faced with the prospect of your "secure" server
>>>>> being stripped completely naked of all its protection.
>>>>>
>>>>> Link: Black Hat Security Conference
>>>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>>>
 
Re: Vista's Security Rendered Completely Useless by New Exploit

DanS wrote:

-----------------------------

Look up the word "possible', then report back to me.
 
Re: Vista's Security Rendered Completely Useless by New Exploit


I am glad you have told me of this security isue and would like to know
if having no script enabled on my firefox browser could make it more
secure from this sort of atack.

I think this is the place for these type of facts especially if we can
do something to help lower the risk of security atacks and I would not
consider it flaming!


--
Mr GRiM
 
Re: Vista's Security Rendered Completely Useless by New Exploit

On Sat, 9 Aug 2008 11:24:07 -0500, Mr GRiM <guest@unknown-email.com>
wrote:

>
>I am glad you have told me of this security isue and would like to know
>if having no script enabled on my firefox browser could make it more
>secure from this sort of atack.

Probably. However since Firefox is also a popular browser it might
already be or sometime in the future be targeted for this kind of
mischief as well.
 
Re: Vista's Security Rendered Completely Useless by New Exploit

On Sat, 09 Aug 2008 12:20:59 -0500, Ringmaster wrote:

> On Sat, 9 Aug 2008 11:24:07 -0500, Mr GRiM <guest@unknown-email.com>
> wrote:
>
>
>>I am glad you have told me of this security isue and would like to know
>>if having no script enabled on my firefox browser could make it more
>>secure from this sort of atack.
>
> Probably. However since Firefox is also a popular browser it might
> already be or sometime in the future be targeted for this kind of
> mischief as well.

No duh !
Ya think ?
Ya think in the future keyboards will have letters and numbers on 'em ?



--
Hobbes, Tiger Extraordinaire
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Warp 10, the #1 idiot moron loser wrote:

> Frank...
>
>
> You know that adam is pulverizing your ass each time ???

hehehe...you mean like you think that you are kicking my ass?...LOL!
I bet you wish you actually had a brain don't you, you worthless pile of
****?...LOL!
 
The real indictment of adam albright, aka ringbasterd!

The real indictment of adam albright, aka ringbasterd!

By PowerUser:
"Licentious. Obnoxious. Anti-democratic. In case you can't tell, I'm
making a direct reference to Mr. Adam Albright. Before I launch into my
main topic, I want to make a few matters crystal-clear: (1) Failure to
recognize this salient point will result in Adam's getting free reign to
enshrine irrational fears and fancies as truth, and (2) as a result of
that, my observations are perhaps unique. Now that you know where I
stand on those issues, I can safely say that wily cutthroats like Adam
are not born -- they are excreted. However unsavory that metaphor may
be, Adam acts as if he were King of the World. This hauteur is
astonishing, staggering, and mind-boggling. He truly believes that he
defends the real needs of the working class. It is just such
counter-productive megalomania, muddleheaded egoism, and intellectual
aberrancy that stirs Adam to carve out space in the mainstream for
ungrateful politics.

I want to draw two important conclusions from this. The first is that
Adam and his gofers are wolves in sheep's clothing who will create
profound emotional distress for people on both sides of the issue
eventually, and the second is that the justification he gave for seeking
to judge people by the color of their skin while ignoring the content of
their character was one of the most addlepated justifications I've ever
heard. It was so addlepated, in fact, that I will not repeat it here.
Even without hearing the details you can still see my point quite
clearly: Adam keeps telling everyone within earshot that honesty and
responsibility have no cash value and are therefore worthless. I'm
guessing that Adam read that on some Web site of dubious validity. More
reliable sources generally indicate that he isn't as smart as he thinks
he is. As an interesting experiment, try to point this out to
Adam. (You might want to don safety equipment first.) I think you'll
find that if he had even a shred of intellectual integrity, he'd admit
that he has no evidence or examples to back up his point. Still, I
recommend you check out some of his commentaries and draw your own
conclusions on the matter. Adam teaches workshops on clericalism.
Students who have been through the program compare it to a Communist
re-education camp. Those who fail to learn from history are doomed to
repeat it. Of course, if Adam had learned anything from history, he'd
know that I challenge him to point out any text in this letter that
proposes that we ought to worship feckless mountebanks as folk heroes.
It isn't there. There's neither a hint nor a suggestion of such a thing.


We no longer have the luxury of indulging in universalist, altruistic
principles that, no matter how noble they may appear, have enabled the
most self-satisfied spouters I've ever seen to compose paeans to
irrationalism. Didn't Adam tell his comrades that he wants to make
people suspicious of those who speak the truth? Did he first give any
thought to what would happen if he did? Of course, that question is
ridiculous -- as ridiculous as his gormless platitudes. None but the
grotesque can deny that he says that the sun rises just for him. What he
means by this, of course, is that he wants free reign to threaten the
existence of human life, perhaps all life on the planet. I understand
that I become truly impatient with people who refuse to recognize the
key role that he is playing in the destruction of our civilization, but
from the fog and mist of his disquisitions rises the leering grimace of
nihilism. An equal but opposite observation is that I and Adam part
company when it comes to the issue of quislingism. He feels that
those who disagree with him should be cast into the outer darkness,
should be shunned, should starve, while I suspect that he needs to stop
living in a fool's paradise. But there's the rub; his idea of mutinous
autism is no political belief. It is a fierce and burning gospel of
hatred and intolerance, of murder and destruction, and the unloosing of
an irascible blood-lust. It is, in every sense, a doctrinaire and pagan
religion that incites its worshipers to an infernal frenzy and then
prompts them to precipitate riots.


Adam does not merely undermine the current world order. He does so
consciously, deliberately, willfully, and methodically. His undertakings
were never about tolerance and equality. That was just window dressing
for the "innocents". Rather, someone has been giving Adam's brain a very
thorough washing, and now Adam is trying to do the same to us. Several
things he has said have brought me to the boiling point. The statement
of his that made the strongest impression on me, however, was something
to the effect of how he is a refined gentleman with the soundest
education and morals you can imagine. Forgive me for boring you with all
the gory details, but Adam's hypocrisy is transparent. Even the least
discerning among us can see right through it.


It's easy to tell if Adam's lying. If his lips are moving, he's lying.
Although Adam demonstrates a great deal of ignorance and presumption
when he says that he commands an army of robots that live in the hollow
center of the earth and produce earthquakes whenever they feel like
shaking things up a bit on the surface, the fact remains that in order
to convince us that he has the authority to issue licenses for
practicing heathenism, Adam often turns to the old propagandist trick of
comparing results brought about by entirely dissimilar causes. Now that
you've read the bulk of this letter, it should not come as a complete
surprise that there can be no argument that when I first realized that
Mr. Adam Albright is a proponent of "paternalism" -- a term Adam uses
catachrestically in place of "Pyrrhonism" -- a cold shudder ran down my
back. However, this fact bears repeating again and again, until the
words crack through the hardened exteriors of those who would violate
the basic tenets of journalism and scholarship. I am referring, of
course, to the likes of Adam Albright."

Want to read more about this failed drunken accountant and big mouth
lying pig?
For your reading pleasure!

http://groups.google.com/groups/profile?hl=en&enc_user=tYag3woAAABrYFiZuwWGCKzw8oMmJKS7

Enjoy!
I know I did!...LOL!
Frank
 
Re: Vista's Security Rendered Completely Useless by New Exploit



fb wrote:
> Warp 10, the #1 idiot moron loser wrote:
>
>> Frank...
>>
>>
>> You know that adam is pulverizing your ass each time ???
>
> hehehe...you mean like you think that you are kicking my ass?...LOL!
> I bet you wish you actually had a brain don't you, you worthless pile
> of ****?...LOL!

Why are you such a foolish child? I just cannot beleive what a baby you
are. I guess you never grew up.

Or is it that you were used as a tackling dummy for the San Diego Chargers.
 
Re: Vista's Security Rendered Completely Useless by New Exploit

fb wrote:
> Warp 10 wrote:
>
>
>>>
>>> Here is my wife, daughter and other family members!
>>> A real nice family!
>>>
>>> http://news.yahoo.com/nphotos/Odd-N...hotos_od_afp/5322e748271f50b89c466d7f2f5ef2a6
>>>
>>>
>>> ----------------------------------------------------
>>>
>>> Yep! We all can see the striking family resemblance!...LOL!
>>
>>

The pathetic thing is that Frank thinks he's fooling someone when he
does this.

Alias
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Alias wrote:

> fb wrote:
>
>> Warp 10 wrote:
>>
>>
>>>>
>>>> Here is my wife, daughter and other family members!
>>>> A real nice family!
>>>>
>>>> http://news.yahoo.com/nphotos/Odd-N...hotos_od_afp/5322e748271f50b89c466d7f2f5ef2a6
>>>>
>>>>
>>>> ----------------------------------------------------
>>>>
>>>> Yep! We all can see the striking family resemblance!...LOL!
>>>
>>>
>>>
>
> The pathetic thing is that alias thinks he's fooling someone when he lies, which he constantly does.
>
 
Re: albright is PIG!

Re: albright is PIG!

I cant understand how frank likes getting humiliated on a daily basis..

this MUST be some sort of sick fetish of his!




"Ringmaster" <bigtop@VistaGeneralCircus.net> wrote in message
news:55ss94d93h58f0rbd9i48ls4ksr68udo66@4ax.com...
> On Sat, 09 Aug 2008 19:48:15 -0700, fb <aliasis@sheep-fukkin.babba>
> wrote:
>
>>Ringmaster wrote:
>
>>> That's twice in a row Frank proves he's a jackass. Go for the hat
>>> trick fool.
>>
>>What's wrong mr drunken lying pig?
>>Feeling the need to backpedal are you?
>>Getting caught in one of your many lies makes you feel stupid, huh?
>>Well, you are stupid!
>>Or didn't bubba 'drive' it home enough to satisfy you tonight?...LOL!
>>Go fukk yourself, if bubba won't do it for you.
>>You stupid idiot moron piece of worthless **** lying pig!
>
> Frank after a typical day of getting slapped around in this newsgroup.
> Note the apple in Frank's mouth. That's there so Frank stops squealing
> till tomorrow.
>
> http://www.morgansbbq.co.uk/photos/pig_1.jpg
>
> Poor Frank, this idiot is so damn dumb he never understands he's the
> butt of all jokes. A royal putz that never will wise up. Just a potty
> mouth loser. All Frank ever will be. Everyone knows that, but Frank.
>
 
Re: Vista's Security Rendered Completely Useless by New Exploit

Frank is fooling no one...

Franks problem is that he is realizing Vista isnt living up to his
expectations of everyone liking it,
and people thinking that he is something else than a complete retard...

but he cant confess his multiple failures so he has to continue being an ass
just to show us in vain that he has not lost...


what a pathetic moron frank is!




"Frank" <aliasis@asheep-fukkin.plc> wrote in message
news:e13xaP9#IHA.4684@TK2MSFTNGP04.phx.gbl...
> Alias wrote:
>
>> fb wrote:
>>
>>> Warp 10 wrote:
>>>
>>>
>>>>>
>>>>> Here is my wife, daughter and other family members!
>>>>> A real nice family!
>>>>>
>>>>> http://news.yahoo.com/nphotos/Odd-N...hotos_od_afp/5322e748271f50b89c466d7f2f5ef2a6
>>>>>
>>>>> ----------------------------------------------------
>>>>>
>>>>> Yep! We all can see the striking family resemblance!...LOL!
>>>>
>>>>
>>>>
>>
>> The pathetic thing is that alias thinks he's fooling someone when he
>> lies, which he constantly does.
>>
>
 

Similar threads

I
Revolutionizing Data Security to Protect Against a New Era of Cyber Attacks
Replies
0
Views
83
ITPro
I
M
Multiple Security Updates Released for Exchange Server
Replies
0
Views
503
MSRC Team
M
J
If you care about iPhone privacy, security researchers say uninstall Facebook immediately
Replies
0
Views
132
Joshua Hawkins
J
M
Customer Guidance on Recent Nation-State Cyber Attacks
Replies
0
Views
342
msrc
M
C
A massive hack that Google thwarted was actually a counterterrorism operation
Replies
0
Views
99
Chris Smith
C
Back
Top