It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
The sky isn't falling: a look at a new Vista security bypass The sky isn't falling: a look at a new Vista security bypass
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


The sky isn't falling: a look at a new Vista security bypass
Reply
 
Thread Tools
Old 12th August 2008, 11:54   #1
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 78,771
jmke has disabled reputation
Default The sky isn't falling: a look at a new Vista security bypass

One of the papers presented at the Black Hat USA 2008 security conference was an analysis a number of the protection mechanisms built into Windows Vista and Windows Server 2008 that are designed to make it harder to convert software bugs into security flaws. How to Impress Girls with Browser Memory Protection Bypasses, authored by security researchers Mark Dowd at IBM and Alexander Sotirov at VMware, presented a number of attacks against Vista's various security features in isolation, and then attacks that could disable multiple protections all together. Put together, the result is that Vista's mitigation mechanisms are circumvented, making buggy software exploitable.

The security features being bypassed are all intended to minimize the impact of buffer overflows. Buffer overflows are a particular kind of programming error that occur when a program attempts to store too much data in the buffer allocated for the data. This causes anything following the buffer to be overwritten. Buffer overflows are exploitable when it's possible to insert arbitrary executable code into a process and then make that code run. If an attacker can do this then the attacker has gained the ability to do whatever he likes to the victim's computer.

http://arstechnica.com/news.ars/post...ty-bypass.html
__________________
jmke is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 23:21
Microsoft admits Vista security won't change much jmke WebNews 0 24th April 2007 10:52
Microsoft allows bypass of Vista activation jmke WebNews 3 20th March 2007 12:27
Vista Security Too Little Too Late jmke WebNews 7 23rd February 2007 15:40
Vista DRM Cracked by Security Researcher jmke WebNews 0 30th January 2007 11:49
More Headaches from Vista Security jmke WebNews 3 11th May 2006 12:07

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 06:55.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO