Windows Vista security 'rendered useless' by researchers
Waltish 
9/8/08 6:43:50 AM
Hero
Titan


http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html#

LAS VEGAS -- Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.

"What this means is that almost any vulnerability in the browser is trivially exploitable," Dai Zovi added. "A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks."

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd's and Sotirov's methods, it would be of no use.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

Microsoft officials have not responded to Dowd's and Sotirov's findings, but Mike Reavey, group manager of the Microsoft Security Response Center, said Wednesday that the company is aware of the research and is interested to see it once it becomes public.

Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

"This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon, sort of like heap spraying was."

------------------------------------------

Just a heads up.

{:))

-----
replace monopoly with choice
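The article's point is that a module loaded into the browser without opting into ASLR or DEP sits at a fixed, executable address and becomes a stepping stone. The defender-side check is whether each loaded DLL sets the DYNAMICBASE and NXCOMPAT bits in its PE optional header. The parser below is an added example, not code from the article or the researchers; it reads that field from a PE image, and the test image is a minimal header constructed inline rather than a real DLL.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # module may be relocated (ASLR)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # module is DEP/NX compatible


def build_pe(dll_characteristics, pe32plus=False):
    """Construct a minimal PE header blob (not a real DLL) with the given flags."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    magic = 0x20B if pe32plus else 0x10B          # PE32+ vs PE32
    opt_size = 240 if pe32plus else 224
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (0x2102 = DLL).
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)  # same offset in PE32/PE32+
    return dos + b"PE\0\0" + coff + bytes(opt)


def pe_mitigations(data):
    """Return (aslr_opt_in, nx_opt_in) read from a PE image's DllCharacteristics."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt_off = e_lfanew + 4 + 20                   # skip signature and COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt_off + 70)[0]
    return (bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
            bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT))


def unprotected_modules(modules):
    """Given {name: image_bytes}, list modules lacking ASLR or NX opt-in."""
    return sorted(name for name, data in modules.items()
                  if not all(pe_mitigations(data)))


if __name__ == "__main__":
    # Constructed sample: one hardened module, one plugin that opts out of both.
    sample = {"hardened.dll": build_pe(0x0140), "plugin.dll": build_pe(0)}
    print(unprotected_modules(sample))  # ['plugin.dll']
```

Run the same check against real files by reading each DLL with open(path, "rb").read() and passing the bytes in place of the constructed blobs.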

kikz 
9/8/08 6:03:52 PM
Immortal

Thank fuck I don't work at Microsoft. That's a major whoops there.

-----
Q6600 | 4Gb PC6400 | 2 x 500Gb RAID 0 + 2 x 320 Gb RAID 0 | 19" Benq FP591 + 24" Samsung 245B + 19" Dell | 8800GTS 640 Mb + 8400GS 256 Mb | Gigabyte GA-P35-DS3P | Antec P182 | Corsair HX-620 | Thermalright 120 Extreme | Vista x64

80proof 
9/8/08 6:40:43 PM
Guru

Quote by Waltish
Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

That'd be interesting, exploits in Windows are obvious.

-----
It's the simple things in life, like when and where.

Scourge of the Underworld 
9/8/08 6:47:15 PM
Disciple

Read about this just the other day. Be interesting to see what follows as a result of this.

-----
Always be yourself,
Because the people who mind don't matter,
and the people who matter don't mind.

Fat_Bodybuilder 
9/8/08 8:48:00 PM
Titan

It's okay, no body can hack me.

-----
5. Post anyone's contact details or personal information without their permission - this includes forum users and those offline.

Waltish 
9/8/08 11:11:57 PM
Hero
Titan


To me the article didn't give much specific info; they make it sound really serious.
Until something more detailed is published or someone here can expand on this story, it's hard for me to know just how serious it is or isn't.

w

-----
replace monopoly with choice

Lazzarus2nd 
13/8/08 1:56:03 AM
Guru

So? Don't use IE. Simple workaround.

-----
"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins

TheSecret 
13/8/08 9:05:54 AM
Primarch
It is not very serious, it is only to do with breaking address space randomization. At worst case, it takes it back to an XP level of security. Standard hyperbole before a blackhat conference, move along, nothing to see here.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

zebra 
13/8/08 10:20:47 AM
SuperHero
Titan


Quote by TheSecret
It is not very serious, it is only to do with breaking address space randomization. At worst case, it takes it back to an XP level of security. Standard hyperbole before a blackhat conference, move along, nothing to see here.

Unfortunately, I tend to agree. DEP is nothing new. Nor is the exploitation of it. And to maybe skew this thread away from being a "boo for Vista", "yay for Linux" bandwagon, let's just keep in mind that many vanilla 2.6 kernels out there implement NX-bit in hardware and in software (DEP layer), in an almost identical way to Vista.

Just take articles like this with a grain of salt. It totally doesn't paint the entire picture. At all.

Cool - but really, nothing to care about guys.

z


Edited by zebra: 13/8/2008 10:43:19 AM

-----
Specs:

I don't own a computer.

bastard 
13/8/08 11:13:42 AM
Titan

"In this paper we demonstrated that the memory protection mechanisms available in the latest versions of Windows are not always effective when it comes to preventing the exploitation of memory corruption vulnerabilities in browsers. They raise the bar, but the attacker still has a good chance of being able to bypass them. Two factors contribute to this problem: the degree to which the browser state is controlled by the attacker; and the extensible plugin architecture of modern browsers. The authors expect these problems to be addressed in future releases of Windows and browser plugins shipped by third parties," they say in their conclusion.

might want to update your original post there champ...


It is a bit of a "meh" to me. IBM are trying to FUD in an attempt to gain traction for the OS operating system endeavor and VMware are attempting to stifle MS because they are in the process of making inroads into Virtualization with their Hyper-V platform.

That being said the two people involved are pretty impressive as far as systems security goes.


Edited by bastard: 13/8/2008 11:18:18 AM

-----
You just keep on trying till you run out of cake.

Scyfo 
13/8/08 4:24:17 PM
Serf
I has pickles :D


Edited by Scyfo: 13/8/2008 4:25:40 PM

-----
Intel Core 2 Extreme QX9770
XFX MB-N790-IUL9 Nforce 790i Ultra
3 XFX GX-280N-ZDD9 Geforce GTX280 XXX Edition in 3-way sli
8gb OCZ DDR3 PC3-12800 / 1600MHz / Platinum Edition
2 Western Digital WD3000GLFS VelociRaptor, 300GB in Raid 0
Co

Waltish 
13/8/08 11:48:54 PM
Hero
Titan


Quote by zebra
Quote by TheSecret
It is not very serious, it is only to do with breaking address space randomization. At worst case, it takes it back to an XP level of security. Standard hyperbole before a blackhat conference, move along, nothing to see here.

Unfortunately, I tend to agree. DEP is nothing new. Nor is the exploitation of it. And to maybe skew this thread away from being a "boo for Vista", "yay for Linux" bandwagon, let's just keep in mind that many vanilla 2.6 kernels out there implement NX-bit in hardware and in software (DEP layer), in an almost identical way to Vista.

Just take articles like this with a grain of salt. It totally doesn't paint the entire picture. At all.

Cool - but really, nothing to care about guys.

z

Edited by zebra: 13/8/2008 10:43:19 AM

No one mentioned Linux till you did Zeb.

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

TheSecret 
14/8/08 12:08:07 AM
Primarch
It was a preemptive strike.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Waltish 
14/8/08 2:33:17 AM
Hero
Titan


Are you Zeb's alt, TheSecret? If not, why are you speaking for him?


Edited by Waltish: 14/8/2008 02:35:27 AM

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

TheSecret 
14/8/08 2:39:48 AM
Primarch
I'm not.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

zebra 
16/8/08 1:52:56 PM
SuperHero
Titan


Quote by Waltish
No one mentioned Linux till you did Zeb.

And? I am mentioning it.

I want people to see *all* the detail. Not just one side of it. People need to be aware of both sides of the picture.

It is very easy to be critical of the Microsoft efforts. Too easy in fact, hence I make the statement that Linux lives in the exact same territory and has the same weaknesses inherent. Painting any other picture is dishonest to ourselves and the community.

It is awesome to be an OSS Evangelist, but to be effective as one, you need to live on both sides of the fence, understand the weaknesses of both sides - and realise that everything you believe in can *also* be a pile of shit, at times. Having ultimate faith in something, doesn't make it good or perfect, or incapable of mistakes.

Not trying to do you in owl-face, but really, if you want to give negative promotion or attempt a "here is why alternative operating systems are better" technique, I suggest posting why alternative operating systems are better.

Be direct. Be straightforward. Mean what you say, say what you mean.

z


Edited by zebra: 16/8/2008 2:15:36 PM

-----
Specs:

I don't own a computer.

Waltish 
16/8/08 4:04:02 PM
Hero
Titan


Nah, you implied you had to turn the tide of pro-Linux propaganda, but there was none to turn.

It's a Windows fuck up and no one mentioned Linux.

It's just a natural thing that MSoft fuck ups make MSoft look bad.

Of course it's easy to be critical of Microsoft; there is plenty to be critical of. If they didn't have fuck ups there would be nothing to criticise. {:)

Please don't have a go at my integrity in defence of your beloved Monopolith.

I think trying to personally attack my character in defence of your darling implies a lack of integrity on your part, as does your introducing the fictitious notion that you are just balancing the thread.

If I had ranted and raved you may have had a point to make but as it stands it seems you are trying to censor by way of pressure what I can post.

Sorry it won't work, MS is just as valid a target for comment and critique as anything else.

w


Edited by Waltish: 16/8/2008 4:23:16 PM

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

zebra 
16/8/08 4:40:17 PM
SuperHero
Titan


Quote by Waltish
Please don't have a go at my integrity in defence of your beloved Monopolith.

...defence of your darling

End comment. There is no point in me talking in this thread any further. You've used the wrong, emotional words to paint yourself in an ambivalent light here dude.


Edited by zebra: 16/8/2008 5:55:51 PM

-----
Specs:

I don't own a computer.

smadge1 
16/8/08 6:22:32 PM
Immortal

Computing is inherently insecure. It's impossible to make a secure system that's entirely usable.

Open standards help, but even they aren't perfect.

-----

I broke my ass in a farting accident.
I have a bag of salty nuts.

[ .. The WHS Guy .. ]

http://geocline.net/
17938

iain671 
16/8/08 6:55:19 PM
Guru

Yep. The only secure computer is the one that is unplugged.

-----
I know what "Welcome to the real world" means. And I like it.
