Black Hats reveal systemic Vista security flaw

Linc Owner Detroit Icrontian
edited August 2008 in Science & Tech
Neowin is reporting that Mark Dowd (IBM ISS) and Alexander Sotirov (VMware) demonstrated a way to bypass all of Windows Vista's memory protection safeguards using a web browser. The kicker? It isn't a vulnerability, per se, but rather exploiting how the entire system is set up. Neowin continues:

According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
After news that the DNS flaw is much worse than initially thought, it appears the annual Black Hat conference is having a very productive session.

Comments

  • Zuntar North Carolina Icrontian
    edited August 2008
    OOPS!!
  • Snarkasm Madison, WI Icrontian
    edited August 2008
    Ouch. Still, if I'm not mistaken, it's not like your regular safe browsing practices can't keep you away from these kinds of issues.

    Wonder if this is at all patchable.
  • Thrax 🐌 Austin, TX Icrontian
    edited August 2008
    Still doesn't stop infected banners.
  • drasnor Starship Operator Hawthorne, CA Icrontian
    edited August 2008
    Aren't these guys white hats?

    -drasnor :fold: