| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Shatter Attacks - How to break Windows | |
|
||
| Time: 17:11 EST/22:11 GMT | News Source: E-Mail | Posted By: Byron Hinson | ||
|
This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 144 Last | Next |
The time now is
6:38:59 AM
ET.
Any comment problems? E-mail us |
| #1 By 7797 (64.192.164.165) at 8/6/2002 9:44:18 PM |
| no no no damnit i tell ya.. open source has no benefits when it comes to security |
| #2 By 2332 (165.247.2.172) at 8/6/2002 9:57:07 PM |
|
tgnb - care to provide some evidence to back up your implied claim? Any data that shows that open source software has a history of fewer vulnerabilities?
In fact, all the available data suggests that neither closed nor open source provides any benefit, security wise, over the other. Anyway, that is kind of beside the point. This design flaw in Windows has been known both by those inside and those outside of Microsoft for several years. I first realized it in 1997, when I first started doing Win32 programming for the first time. I guess this can be considered Microsoft's "dirty little secret", but it's not really a secret, and this author isn't even close to the first one to discover it. What the author kind of glosses over is that this exploit requires an application to swallow all access exceptions, and continue running. This isn't the case with most applications in my experience, although there certainly are some. Not to mention the fact they must be written incredibly poorly to begin with. One of the first things Win32 programmers learn is to NOT display windows to a unprivledged user from a process with higher privledges. In other words, your GUI should NOT run in the same process space as your service, which may run as system. The author of this article is almost sneaky in the way he cites Virus Scanner, since that's a very common program that just so happens has a very uncommon design flaw. As administrators discover vulnerable applications, they will demand patches. In addition, as time goes by, Windows will become 100% managed. In the near future, all but a few legacy apps will be 100% managed code, and thanks to this managed code, access violations will be caught and dealt with not by the application, but by the CLR. The CLR can they have a policy that will prohibit this kind of attack fairly easily. What is more, no sane administrator allows guest access on their machines. This flaw can *not* be exploited via HTTP (therefore IIS is safe), nor can it be exploited via COM+, or any other remote service for that matter. You must have access to the desktop; that is rare. So, in summary, this is bad. But it's not a flaw that cannot be fixed. A combination of diligent administration and the migration to near 100% managed code, will solve this worrisome problem. This post was edited by RMD on Tuesday, August 06, 2002 at 23:08. |
| #3 By 7797 (64.192.164.165) at 8/6/2002 10:13:21 PM |
|
RMD, you misunderstood my implied claim.
I wasn't trying to suggest that open source is more secure. I was simply trying to poke fun of the pro MS-sheep that hang round here. I am not anti MS nor anti closed sorce, nor anti open source. The one thing that does bother me a bit is the concentration of pro-MS sheep that hangs around here. It only bothers me enough to poke fun of them here and there. I doubt they'd understand even if a levelheaded person (tried to) explained it to them. Someone who sits on only one side of the fence can NEVER understand! There is a good number of anti-MS sheep over at slashdot too, and they get poked fun of just the same. I'd say a majority of the people here and on slashdot are either on one side of the fence or on the other. The real winner on the other hand is he who can realize the benefits of either system and make a profit from both. In the meantime don't mind me making fun of the rest of the crowd. 'nufff said |
| #4 By 2332 (165.247.2.172) at 8/6/2002 11:08:58 PM |
|
Support for my previous comment:
http://online.securityfocus.com/archive/1/286228/2002-08-03/2002-08-09/0 |
| #5 By 2332 (165.247.2.172) at 8/6/2002 11:14:42 PM |
|
This is another interesting post... and, actually, it provides a solution of sorts:
http://online.securityfocus.com/archive/1/286272/2002-08-03/2002-08-09/2 and http://online.securityfocus.com/archive/1/286262/2002-08-03/2002-08-09/2 I, personally, had no idea. Then again, I haven't done Win32 stuff since I started programming in .NET. This post was edited by RMD on Tuesday, August 06, 2002 at 23:16. |
| #6 By 135 (208.50.201.48) at 8/6/2002 11:17:24 PM |
|
tgnb - There are no pro-ms sheep hanging around these parts.
These are not the droids you are looking for. This post was edited by sodablue on Tuesday, August 06, 2002 at 23:22. |
| #7 By 61 (65.32.170.1) at 8/7/2002 12:02:55 AM |
| There are, just not as many, tngb just seems to think that anyone who defends MS is an pro-MS Sheep. |
| #8 By 7797 (63.76.44.252) at 8/7/2002 8:53:12 AM |
|
CPUGuy
Not everyone who defends MS is a pro-MS sheep. Everyone who blindly defends MS without taking into account the other side is a pro-MS sheep. And there are plenty around here. If you can't see it.. you're probably one of them. |
| #9 By 135 (209.180.28.6) at 8/7/2002 10:24:05 AM |
|
tgnb - Like I said there is nobody like that here. Or perhaps CPUGuy is correct and there are 1 or 2 people like you say, but that's certainly not a major grouping.
The fact is the anti-MS sheep are wrong 9 times out of 10, generally because they don't apply Occam's Razor. Pointing that out doesn't make me or anyone else a MS sheep. I can think for myself, thank you. I understand the other side, and am more than willing to listen. But every time I ask questions the anti-MS side cannot seem to articulate a valid argument. I'm still waiting for a coherent argument to come from the other side on the EULA thing from last week, for example. Instead after launching a birage of attacks the other side when confronted by the illogic of their complaints decided to shut up instead of apologizing to the public. This post was edited by sodablue on Wednesday, August 07, 2002 at 10:30. |
| #10 By 61 (65.32.170.1) at 8/7/2002 11:56:21 AM |
| You want to see an MS-Sheep, go to ZDNet and read the talkbacks from Mike Cox. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 144 Last | Next |
The time now is
6:38:59 AM
ET.
Any comment problems? E-mail us |
