Home
Friday, July 28, 2017
2:39:20 AM
Users online: 0   You are here >> Home > Windows OS

Forums | Windows OS Forums search
Forum FAQ
   
 Previous Page 1 | 2  
Windows Vista security 'rendered useless' by researchers
TheSecret 
16/8/08 7:29:01 PM
Primarch
I think far more detailed access controls can meet security and usability requirements, an SELinux or Trusted Solaris type of thing.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Waltish 
16/8/08 10:24:37 PM
Hero
Titan


Quote by zebra
Quote by Waltish
Please don't have a go at my integrity in defence of your beloved Monopolith.

...defence of your darling



End comment. There is no point in me talking in this thread any further. You've used the wrong, emotional words to paint yourself in an ambivalent light here dude.


Edited by zebra: 16/8/2008 5:55:51 PM


And you are using fictitious reasons to justify yourself.

Of course there is no point in taking this further, every one can see what did and did not happen in this thread.

PS: Its not a requirement that I be ambivalent to post, Like you I am allowed have have an opinion and a position.

But in this thread you went off half cocked.


Edited by Waltish: 16/8/2008 10:35:00 PM

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

Waltish 
16/8/08 10:32:32 PM
Hero
Titan


Quote by TheSecret
I think far more detailed access controls can meet security and usability requirements, an SELinux or Trusted Solaris type of thing.



As I said at the beginning of this thread I don't know what the story in the link means in terms of every day security.

Is the threat real? Or is it just theoretical and doable only in the lab?

That's one part of the reason I posted it with out much comment, the other is I was hoping some one could elaborate on the true extent of the risk.

Zebra's white washing of the issue didn't help me understand it any better.{:)


Edited by Waltish: 16/8/2008 10:35:40 PM

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

TheSecret 
16/8/08 11:41:39 PM
Primarch
The threat is real, at least is exists in other platforms, and they are claiming they can use it the same attack in vista. But so far nothing has actually been demoed that they can do this. There is not too much of a reason to doubt it however, so assuming they can do this, it is exactly the same problem most platforms have, and requires exploiting several other vulnerabilities to even make use of it first.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Waltish 
17/8/08 2:36:23 AM
Hero
Titan


Ah Thank you the secret.

From what I have read the way into vista is through the browser loading .net dll's and treating them as safe objects.

But wouldn't one have to do some complex crafting to exploit it, and that is likely to be beyond the skill range of the script kiddies.

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

TheSecret 
17/8/08 5:43:49 AM
Primarch
It is part of it, mainly with how IE handles languages(.NET, Java and Flash were shown), but it only affects IE. On vista. And most of the attack vectors that were used as examples have been fixed.

The problem with any exploit, is it only takes one precompiled binary to spread for a kiddie to use. Look at metasploit for example. Other people do the complex crafting for you.

The full paper is here if you want to read it:

http://taossa.com.nyud.net:8080/index.php/2008/08/07/impressing-girls-with-vista-memory-protectio

But remember, they are selling it, so don't believe everything.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Midnighter 
17/8/08 5:55:01 AM
Immortal

Quote by zebra
Quote by Waltish
Please don't have a go at my integrity in defence of your beloved Monopolith.

...defence of your darling



End comment. There is no point in me talking in this thread any further. You've used the wrong, emotional words to paint yourself in an ambivalent light here dude.


Edited by zebra: 16/8/2008 5:55:51 PM


Yet, you are the only one to bring an alternative OS into the discussion? Who's being emotive here, hmm?

-----
Try to live your life without hurting, without abusing, or shattering or betraying.
-In a war, there are no good guys, and no bad guys. There are only opposing forces.
-Quote by moz
All insanity has some degree of awesomeness.

TheSecret 
17/8/08 6:35:01 AM
Primarch
He pointed out that the problem is one that affects all platforms, in a calm and rational, non-emotive way.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Waltish 
17/8/08 7:27:45 AM
Hero
Titan


Quote by TheSecret
He pointed out that the problem is one that affects all platforms, in a calm and way.



But getting hysterical towards me and claiming non-existent actualities is hardly rational & non-emotive.
-------------------
On Topic that link didn't work for me, but are they selling scripts so the kiddies can vandalise peoples computers... if they are they should be arrested and prosecuted to the fullest extent of the law.



Edited by Waltish: 17/8/2008 7:32:57 AM

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

TheSecret 
17/8/08 8:19:50 AM
Primarch
The link works here, you must have a firewall or be behind one where you cant get to port 8080. That link is from the researchers who found the attack vectors and demonstrated them.

-----
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.

Waltish 
17/8/08 2:24:58 PM
Hero
Titan


Well it didnt work last nightbut does now, maybe they had a lot of traffic last night.

Thanks.

-----
http://technology.timesonline.co.uk/tol/news/tech_and_web/article4472654.ece

hill60606 
28/8/08 12:05:39 AM
Immortal

I'm having trouble finding .NET dll's loading into Firefox on my Linux system, perhaps someone could tell me where I'd find them.

-----
A decade of John Howard has left a country of timidity, fear and shame


His power resided in his ability to speak directly and powerfully to the negativity at the core of the Australian soul.

bastard 
29/8/08 2:26:50 PM
Titan

Quote by hill60606
I'm having trouble finding .NET dll's loading into Firefox on my Linux system, perhaps someone could tell me where I'd find them.



Up your arse where that comment should have stayed?

-----
You just keep on trying till you run out of cake.

 Previous Page 1 | 2  
Forums | Windows OS