Black Hats reveal systemic Vista security flaw
Neowin is reporting that Mark Dowd (IBM ISS) and Alexander Sotirov (VMware) demonstrated a way to bypass all of Windows Vista’s memory protection safeguards using a web browser. The kicker? It isn’t a vulnerability, per se, but rather exploiting how the entire system is set up. Neowin continues:
According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”
After news that the DNS flaw is much worse than initially thought, it appears the annual Black Hat conference is having a very productive session.
OOPS!!
Ouch. Still, if I'm not mistaken, it's not like your regular safe browsing practices can't keep you away from these kinds of issues.
Wonder if this is at all patchable.
Still doesn't stop infected banners.
Aren't these guys white hats?
-drasnor