Vista's Security Rendered Completely Useless

Heeter

Overclocked Like A Mother
Joined
8 Jul 2002
Messages
2,732
Found this on another site:

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

According to Microsoft, many of the defenses added to Windows Vista (and Windows Server 2008) were added to stop all host-based attacks. For example, ASLR is meant to stop attackers from predicting key memory addresses by randomly moving a process' stack, heap and libraries. While this technique is very useful against memory corruption attacks, it would be rendered useless against Dowd and Sotirov's new method. "This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," said Dai Zovi. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

While Microsoft hasn't officially responded to the findings, Mike Reavey, group manager of the Microsoft Security Response Center, said the company has been aware of the research and is very interested to see it once it has been made public. It currently isn't known whether these exploits can be used against older Microsoft Operating Systems, such as Windows XP and Windows Server 2003, but since these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments. "This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon."

These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your "secure" server being stripped completely naked of all its protection.

Attached is a pdf of their findings that will be available @ blackhat conference

Here is More

Sorry if it has been posted already.


Heeter
 

Attachments

  • bh-eu-07-sotirov-WP.pdf
    163.9 KB · Views: 2,997

Johnny

.. Commodore ..
Political Access
Joined
12 Jan 2004
Messages
5,015
Well, I'm not worried. If they hack me , they hack me. I have yet to ever get a virus (I don't use an antivirus by the way) or a trojan (I don't use antispyware by the way). this sounds to me to be some kind of scare tactic.
 

tdinc

OSNN Veteran Addict
Political Access
Joined
6 Dec 2003
Messages
3,508
Well, I'm not worried. If they hack me , they hack me. I have yet to ever get a virus (I don't use an antivirus by the way) or a trojan (I don't use antispyware by the way). this sounds to me to be some kind of scare tactic.
i bet you there is some form of malware/tracking cookie/spyware on you PC. :rambo:

you use the internets even if you browse "safely" you have to have at least some form of anti-spyware.
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
Well, I'm not worried. If they hack me , they hack me. I have yet to ever get a virus (I don't use an antivirus by the way) or a trojan (I don't use antispyware by the way). this sounds to me to be some kind of scare tactic.


Your machine is infected with some sort of malware for sure
 

chastity

Moderator
Staff member
Political Access
Joined
20 Jul 2002
Messages
2,284
Lets hope that this flaw only effects Vista and that M$ can come up with a fix. Its really going to hurt if it effects older versions of Windows since I'm sure there is load of those still running XP or even 2000 heck some might still be running 98
 

LeeJend

OSNN Veteran Addict
Joined
25 Jan 2003
Messages
5,291
Who cares about desktop attacks? This potentially lays servers wide open. There goes ecommerce, banking and your life's savings...

This one is scary.
 

Shamus MacNoob

OSNN Veteran Addict
Political Access
Joined
8 Jan 2002
Messages
4,199
Who cares about desktop attacks? This potentially lays servers wide open. There goes ecommerce, banking and your life's savings...

This one is scary.


Yes it does look like a huge crack in the foundation ... Let's hope there is a way to fix this, first glances say this is not fixable it is the way that the OS is made.
 

Perris Calderon

dealer
Staff member
Political Access
Joined
24 Jan 2002
Messages
12,374
I got ten security fixes today, I wonder how this affects the issues discussed on this thread
 

Perris Calderon

dealer
Staff member
Political Access
Joined
24 Jan 2002
Messages
12,374
Some interesting information...

Refer to Ars Technica for the entire article.

http://arstechnica.com/journals/mic...lexander-sotirov-vista-security-is-not-broken
from that article;

The articles that describe Vista security as "broken" or "done for," with "unfixable vulnerabilities" are completely inaccurate. One of the suggestions I saw in many of the discussions was that people should just use Windows XP. In fact, in XP a lot of those protections we're bypassing don't even exist. XP is even less secure than Vista in this respect. [What] we established is that the security advantage of Vista over XP is not as great as [previously] thought. Vista is still very good at preventing vulnerabilities.

and it goes on;

So there you have it: straight from the horse's mouth. The flaws are there, yes, but they aren't anywhere nearly as severe as sensationalist articles will claim. Furthermore, they can be fixed, and Microsoft and other software vendors are already taking the steps to do so. Sotirov also said that he doubts there is any exploit code or proof-of-concept code out in the wild, because the paper is quite new and it only presents weaknesses in the protection mechanism. "Without the presence of a vulnerability these techniques don’t really [accomplish] anything," the security researcher told Bott.
 

zeke_mo

(value not set)
Staff member
Political Access
Joined
25 Aug 2004
Messages
1,991
I know how to fix it, unplug your ethernet cable...
 

kcnychief

??? ??? ?
Political Access
Joined
8 Apr 2005
Messages
16,950
I love when information gets posted and then literally torn to shreds by people who actually know what they are talking about.
 

Members online

No members online now.

Latest profile posts

Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?
Perris Calderon wrote on Electronic Punk's profile.
Hey EP! All good with me, applying for Microsoft MVP right now, should have done this a while ago.

Notifications don't work, I only found your response by coming back to hunt up some threads, if you want, give me your email address so we can keep in touch easier!
Perris Calderon wrote on Electronic Punk's profile.
EP, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there!

Forum statistics

Threads
61,997
Messages
673,411
Members
5,590
Latest member
AntonioPR