The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Shatter Attacks - How to break Windows
Time: 17:11 EST/22:11 GMT | News Source: E-Mail | Posted By: Byron Hinson

This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. Microsoft has known about these flaws for some time; when I alerted them to this attack, their response was that they do not class it as a flaw - the email can be found here. This research was sparked by comments made by Microsoft VP Jim Allchin who stated, under oath, that there were flaws in Windows so great that they would threaten national security if the Windows source code were to be disclosed. He mentioned Message Queueing, and immediately regretted it. However, given the quantity of research currently taking place around the world after Mr Allchin's comments, it is about time the white hat community saw what is actually possible.

Write Comment
Return to News

  Displaying 1 through 25 of 144
Last | Next
  The time now is 6:38:59 AM ET.
Any comment problems? E-mail us
#1 By 7797 (64.192.164.165) at 8/6/2002 9:44:18 PM
no no no damnit i tell ya.. open source has no benefits when it comes to security

#2 By 2332 (165.247.2.172) at 8/6/2002 9:57:07 PM
tgnb - care to provide some evidence to back up your implied claim? Any data that shows that open source software has a history of fewer vulnerabilities?

In fact, all the available data suggests that neither closed nor open source provides any benefit, security wise, over the other.

Anyway, that is kind of beside the point. This design flaw in Windows has been known both by those inside and those outside of Microsoft for several years. I first realized it in 1997, when I first started doing Win32 programming for the first time.

I guess this can be considered Microsoft's "dirty little secret", but it's not really a secret, and this author isn't even close to the first one to discover it.

What the author kind of glosses over is that this exploit requires an application to swallow all access exceptions, and continue running. This isn't the case with most applications in my experience, although there certainly are some.

Not to mention the fact they must be written incredibly poorly to begin with. One of the first things Win32 programmers learn is to NOT display windows to a unprivledged user from a process with higher privledges. In other words, your GUI should NOT run in the same process space as your service, which may run as system.

The author of this article is almost sneaky in the way he cites Virus Scanner, since that's a very common program that just so happens has a very uncommon design flaw.

As administrators discover vulnerable applications, they will demand patches. In addition, as time goes by, Windows will become 100% managed.

In the near future, all but a few legacy apps will be 100% managed code, and thanks to this managed code, access violations will be caught and dealt with not by the application, but by the CLR. The CLR can they have a policy that will prohibit this kind of attack fairly easily.

What is more, no sane administrator allows guest access on their machines. This flaw can *not* be exploited via HTTP (therefore IIS is safe), nor can it be exploited via COM+, or any other remote service for that matter. You must have access to the desktop; that is rare.

So, in summary, this is bad. But it's not a flaw that cannot be fixed. A combination of diligent administration and the migration to near 100% managed code, will solve this worrisome problem.

This post was edited by RMD on Tuesday, August 06, 2002 at 23:08.

#3 By 7797 (64.192.164.165) at 8/6/2002 10:13:21 PM
RMD, you misunderstood my implied claim.
I wasn't trying to suggest that open source is more secure. I was simply trying to poke fun of the pro MS-sheep that hang round here. I am not anti MS nor anti closed sorce, nor anti open source. The one thing that does bother me a bit is the concentration of pro-MS sheep that hangs around here. It only bothers me enough to poke fun of them here and there. I doubt they'd understand even if a levelheaded person (tried to) explained it to them. Someone who sits on only one side of the fence can NEVER understand! There is a good number of anti-MS sheep over at slashdot too, and they get poked fun of just the same. I'd say a majority of the people here and on slashdot are either on one side of the fence or on the other. The real winner on the other hand is he who can realize the benefits of either system and make a profit from both. In the meantime don't mind me making fun of the rest of the crowd.

'nufff said

#4 By 2332 (165.247.2.172) at 8/6/2002 11:08:58 PM
Support for my previous comment:

http://online.securityfocus.com/archive/1/286228/2002-08-03/2002-08-09/0

#5 By 2332 (165.247.2.172) at 8/6/2002 11:14:42 PM
This is another interesting post... and, actually, it provides a solution of sorts:

http://online.securityfocus.com/archive/1/286272/2002-08-03/2002-08-09/2

and

http://online.securityfocus.com/archive/1/286262/2002-08-03/2002-08-09/2

I, personally, had no idea. Then again, I haven't done Win32 stuff since I started programming in .NET.

This post was edited by RMD on Tuesday, August 06, 2002 at 23:16.

#6 By 135 (208.50.201.48) at 8/6/2002 11:17:24 PM
tgnb - There are no pro-ms sheep hanging around these parts.

These are not the droids you are looking for.

This post was edited by sodablue on Tuesday, August 06, 2002 at 23:22.

#7 By 61 (65.32.170.1) at 8/7/2002 12:02:55 AM
There are, just not as many, tngb just seems to think that anyone who defends MS is an pro-MS Sheep.

#8 By 7797 (63.76.44.252) at 8/7/2002 8:53:12 AM
CPUGuy

Not everyone who defends MS is a pro-MS sheep. Everyone who blindly defends MS without taking into account the other side is a pro-MS sheep. And there are plenty around here. If you can't see it.. you're probably one of them.

#9 By 135 (209.180.28.6) at 8/7/2002 10:24:05 AM
tgnb - Like I said there is nobody like that here. Or perhaps CPUGuy is correct and there are 1 or 2 people like you say, but that's certainly not a major grouping.

The fact is the anti-MS sheep are wrong 9 times out of 10, generally because they don't apply Occam's Razor. Pointing that out doesn't make me or anyone else a MS sheep. I can think for myself, thank you.

I understand the other side, and am more than willing to listen. But every time I ask questions the anti-MS side cannot seem to articulate a valid argument. I'm still waiting for a coherent argument to come from the other side on the EULA thing from last week, for example. Instead after launching a birage of attacks the other side when confronted by the illogic of their complaints decided to shut up instead of apologizing to the public.

This post was edited by sodablue on Wednesday, August 07, 2002 at 10:30.

#10 By 61 (65.32.170.1) at 8/7/2002 11:56:21 AM
You want to see an MS-Sheep, go to ZDNet and read the talkbacks from Mike Cox.

#11 By 4240821 (45.149.82.86) at 10/25/2023 9:16:43 PM
https://sexonly.top/get/b955/b955jidliinxzynikve.php
https://sexonly.top/get/b680/b680gjgqwztnmewafbi.php
https://sexonly.top/get/b40/b40mutogfcvdqeedzr.php
https://sexonly.top/get/b580/b580zpazibrylhuohbm.php
https://sexonly.top/get/b742/b742uypxnueqdbgoujh.php
https://sexonly.top/get/b536/b536cgzpsriepjhjulc.php
https://sexonly.top/get/b877/b877hyfqftknexzfnxz.php
https://sexonly.top/get/b993/b993kjdzzradyqyvgla.php
https://sexonly.top/get/b876/b876hbuqkvgmlowbgvc.php
https://sexonly.top/get/b983/b983qlafzmwgclbskws.php
https://sexonly.top/get/b108/b108wcibvaqlzhfkkst.php
https://sexonly.top/get/b803/b803jllohdptyglxiin.php
https://sexonly.top/get/b556/b556zuiixeqjmoxhiak.php
https://sexonly.top/get/b173/b173raepbyysyxqqner.php
https://sexonly.top/get/b195/b195hwwlqupcasaplok.php
https://sexonly.top/get/b608/b608ocardxrrrotqyjh.php
https://sexonly.top/get/b829/b829gbkpwxixnqjsyom.php
https://sexonly.top/get/b368/b368oyuvadupnqvhugq.php
https://sexonly.top/get/b31/b31nrzrabvifrqhkug.php
https://sexonly.top/get/b382/b382pgvruffdtyxxnmv.php
https://sexonly.top/get/b225/b225jbwgajzncfjjhnz.php
https://sexonly.top/get/b393/b393ispokauzhsdbolp.php
https://sexonly.top/get/b765/b765rwzkztrnreybuoa.php
https://sexonly.top/get/b106/b106vijpuwzmdolsdpg.php
https://sexonly.top/get/b603/b603edbgjzraqibqpug.php
https://sexonly.top/get/b968/b968dggaqyopubvqebn.php
https://sexonly.top/get/b846/b846cwpjkdkgwhvobft.php
https://sexonly.top/get/b620/b620kukdqikmmpngvjv.php
https://sexonly.top/get/b496/b496pxwqqjingmgwzrx.php
https://sexonly.top/get/b159/b159twindeporgdappz.php
https://sexonly.top/get/b204/b204izujpkkxomcxozo.php
https://sexonly.top/get/b144/b144fmkeehkuyvjlwhu.php
https://sexonly.top/get/b267/b267hvkhchhlgclsezn.php
https://sexonly.top/get/b284/b284aeouasxbgkxpnoj.php
https://sexonly.top/get/b234/b234cfuqogbaxtvxbvm.php
https://sexonly.top/get/b167/b167skjvvuvsvecjmnh.php
https://sexonly.top/get/b238/b238wtxpwamndewbevt.php
https://sexonly.top/get/b985/b985prghxcvttapclhw.php
https://sexonly.top/get/b882/b882qqaaeetaueuzstk.php
https://sexonly.top/get/b745/b745jszcjyzxtdyfezf.php
https://sexonly.top/get/b742/b742ijktekncggqbqsx.php
https://sexonly.top/get/b191/b191fqrxbqydqvxaxqj.php
https://sexonly.top/get/b793/b793hxelucbfjlctkkx.php
https://sexonly.top/get/b225/b225bbcjlrtqmvljing.php
https://sexonly.top/get/b599/b599mznsuhszvculvry.php
https://sexonly.top/get/b832/b832idjtzbjaxjfvhis.php
https://sexonly.top/get/b962/b962bebdfujntdqfszr.php
https://sexonly.top/get/b407/b407vqppfdbgyrhufze.php
https://sexonly.top/get/b297/b297nfndqwodxkidppx.php
https://sexonly.top/get/b50/b50pwkdrouezskwmxl.php

#12 By 4240821 (213.139.195.162) at 10/29/2023 8:44:58 PM
https://www.quora.com/profile/JesseKraemer245/LaylaReynolds-victoria-butts-Ran-Asakawa-Morgenstern-Eva-Amelia-VeronicaVelez-AmberAngel666-Hazedandpurple
https://www.quora.com/profile/LawandaHughes868/Lolanikola-rumarose-Baby_doll_yyc-caringlittlegirl-Theblueyedslut-lynne-marais-evelin-stone-anastasia-vand
https://www.quora.com/profile/AnthonyShadowz483/SexyKatLady420-LovelyLexus-queenmaxine-HazelsNutss-princessnassia-Candy-Crush-Brasil-MistressRedK-Remi-Rea
https://www.quora.com/profile/AmyCongelliere497/brattybabe99-InkedGoddess30-RhubarbFizz-angelthefootgoddess-yourbirdie-wwinters-quietly515-Jenni-1Marieb
https://www.quora.com/profile/MiaMartin52/Tina-star-Charlene-Akira-Novalynn420-sashablack-ember_bb-MellowMia8-myran71-Sexy-succubus-Victoria-Ashle
https://www.quora.com/profile/KevinMoulton780/xKitttyKattx-BabyE38-Giavana-Layne-NachoXSole-gothbabiii-ValleysFinest-MrandMrsSEXYcoupleKC-ChrissLeoo-Str
https://www.quora.com/profile/JeanChongbang777/Candy-Delicious-sweetkisst-greiicyass-Sexyalliesworld-89DeepSouth-CynthiaWorldly-Sophia-Burns-nawelzpzp
https://www.quora.com/profile/AmandaBrannon503/CaroCam-sabrina-x-spinderella-Booty-Kitten-AudreyMyers-missmean-MyMatesSister-Cah-goddess-LadyDream3r-Fe
https://www.quora.com/profile/MichelleMiller16/NicoleBrown-JandJCouple-MissJaneXXX-JannyHole-the_petitemort-karleigh-rogers-shuggaNdaddy-Breezybelit-Ea
https://www.quora.com/profile/SamAtonyo621/DaddysSunshine187-xrivkahx-mila-fyre-Elle-Rio-innocentwhore-rani-darling-LexxaPannda-Dabper-Couple-pirat

#13 By 4240821 (103.152.17.80) at 10/31/2023 11:40:29 AM
https://app.socie.com.br/PurtyNPink20Alicerose993
https://app.socie.com.br/read-blog/97362
https://app.socie.com.br/petitemiaBiscuitBoob
https://app.socie.com.br/Piinkjewelzznoraskyy
https://app.socie.com.br/read-blog/97671
https://app.socie.com.br/read-blog/97434
https://app.socie.com.br/read-blog/97467
https://app.socie.com.br/read-blog/97530
https://app.socie.com.br/PleasureVictimAmandaNeumannCB
https://app.socie.com.br/read-blog/98309

#14 By 4240821 (103.151.103.150) at 10/31/2023 10:27:56 PM
https://app.socie.com.br/TatumBaileyMarvelousV
https://app.socie.com.br/read-blog/97655
https://app.socie.com.br/read-blog/97680
https://app.socie.com.br/read-blog/97863
https://app.socie.com.br/Whitneyassoryippieskip
https://app.socie.com.br/Marie6990tespresley
https://app.socie.com.br/read-blog/97627
https://app.socie.com.br/read-blog/97554
https://app.socie.com.br/read-blog/98889
https://app.socie.com.br/PrincessDaisyDreamEgyptianFeline

#15 By 4240821 (62.76.146.75) at 11/1/2023 2:35:49 PM
http://activewin.com/mac/comments.asp?ThreadIndex=77156&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=14756&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=31915&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=28279&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76599&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=15163&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=62389&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=78025&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=83706&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=53942&Group=Last

#16 By 4240821 (2.57.151.31) at 11/1/2023 10:34:03 PM
http://activewin.com/mac/comments.asp?ThreadIndex=30187&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=59751&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=2998&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=27398&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=41126&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=58942&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=21203&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=40433&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=72196&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=59145&Group=Last

#17 By 4240821 (109.94.218.82) at 11/2/2023 8:26:25 PM
http://activewin.com/mac/comments.asp?ThreadIndex=14845&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=41821&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=80798&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=7739&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=66949&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=13815&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=7167&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=81711&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=5168&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=69960&Group=Last

#18 By 4240821 (212.193.138.10) at 11/3/2023 3:29:48 AM
http://activewin.com/mac/comments.asp?ThreadIndex=7716&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=84267&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=38626&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=54433&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=2774&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=39556&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=1939&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=80382&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=25200&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76127&Group=Last

#19 By 4240821 (109.94.216.41) at 11/5/2023 4:41:44 AM
https://hotslutss.bdsmlr.com/post/649388754
https://hotslutss.bdsmlr.com/post/660741778
https://hotslutss.bdsmlr.com/post/651535707
https://hotslutss.bdsmlr.com/post/654327343
https://hotslutss.bdsmlr.com/post/651422499
https://hotslutss.bdsmlr.com/post/653204558
https://hotslutss.bdsmlr.com/post/659947793
https://hotslutss.bdsmlr.com/post/650764689
https://hotslutss.bdsmlr.com/post/652631585
https://hotslutss.bdsmlr.com/post/662709810

#20 By 4240821 (92.119.163.194) at 11/5/2023 10:39:19 PM
https://printable-calendar.mn.co/members/19914777
https://printable-calendar.mn.co/members/19893753
https://printable-calendar.mn.co/members/19901418
https://printable-calendar.mn.co/members/19919489
https://printable-calendar.mn.co/members/19918969
https://printable-calendar.mn.co/members/19900637
https://printable-calendar.mn.co/members/19895128
https://printable-calendar.mn.co/members/19916042
https://printable-calendar.mn.co/members/19894148
https://printable-calendar.mn.co/members/19900657

#21 By 4240821 (62.76.146.75) at 11/8/2023 4:38:26 PM
https://www.hackerearth.com/@getexboba1983
https://www.hackerearth.com/@ladkpaberde1984
https://www.hackerearth.com/@tomrandberdodd1984
https://www.hackerearth.com/@rhymancarco1983
https://www.hackerearth.com/@olotecte1976
https://www.hackerearth.com/@naligenor1975
https://www.hackerearth.com/@tankcerlustpas1977
https://www.hackerearth.com/@pontodombpo1989
https://www.hackerearth.com/@tiotimacpulc1970
https://www.hackerearth.com/@westmiskyumort1980

#22 By 4240821 (45.146.26.215) at 11/10/2023 10:44:51 PM
http://www.ttbizonline.com/pro/20231109194446
http://www.ttbizonline.com/pro/20231109044043
http://www.ttbizonline.com/pro/20231109050005
http://www.ttbizonline.com/pro/20231110031225
http://www.ttbizonline.com/pro/20231109214423
http://www.ttbizonline.com/pro/20231109072417
http://www.ttbizonline.com/pro/20231110014003
http://www.ttbizonline.com/pro/20231109092036
http://www.ttbizonline.com/pro/20231109184909
http://www.ttbizonline.com/pro/20231109051916

#23 By 4240821 (109.94.216.41) at 11/11/2023 1:14:42 PM
https://www.mddir.com/company/jaysiejade-manyvids-leak/
https://www.mddir.com/company/bianca_ok-clips4sale-leaked/
https://www.mddir.com/company/tittywonder-onlyfans-leak/
https://www.mddir.com/company/stoneyknight-onlyfans-leak/
https://www.mddir.com/company/candi6969-onlyfans-leaked/
https://www.mddir.com/company/bianca_ok-clips4sale-leaked/
https://www.mddir.com/company/brookie-xoxo-cookie-patreon-leaked/
https://www.mddir.com/company/suugar-plum-manyvids-leak/
https://www.mddir.com/company/xxbebecita-clips4sale-leaked/
https://www.mddir.com/company/aloragem97-manyvids-leaked/

#24 By 4240821 (194.190.178.141) at 11/12/2023 2:22:08 PM
https://instem.res.in/comment/reply/4222/720535
https://instem.res.in/comment/reply/2557/720356
https://instem.res.in/comment/reply/5450/720545
https://instem.res.in/comment/reply/2557/720288
https://instem.res.in/comment/reply/2459/720499
https://instem.res.in/comment/reply/2530/720416
https://instem.res.in/comment/reply/2557/720251
https://instem.res.in/comment/reply/2557/720249
https://instem.res.in/comment/reply/2557/720336
https://instem.res.in/comment/reply/2557/720194

#25 By 4240821 (45.146.26.215) at 11/13/2023 9:18:00 PM
https://telegra.ph/hannahowo-Hidden-Camera-Boosty-Leak-12-09
https://sexonly.top/get/b501/b501mbgauzzxcgmisos.php
https://sexonly.top/get/b903/b903amhqpcddnglfstg.php
https://sexonly.top/get/b947/b947fjwvtkrjpecbxtq.php
https://sexonly.top/get/b118/b118rpkosvrcvaaptfm.php
https://sexonly.top/get/b756/b756ztpcfrbbfnwoqql.php
https://sexonly.top/get/b714/b714vnuqcrlnothhzbr.php
https://sexonly.top/get/b768/b768eltwbidpkhqxqoo.php
https://sexonly.top/get/b46/b46bfonrercdaokbia.php
https://sexonly.top/get/b14/b14jkkobquqvlnfdnh.php

Write Comment
Return to News
  Displaying 1 through 25 of 144
Last | Next
  The time now is 6:38:59 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *