
It’s Official…. Vista’s Security Is Useless… Maybe….. [UPDATED x2]

Posted in Commentary on August 8, 2008 by itnerd

The Black Hat security conference had a bombshell dropped on it yesterday. Mark Dowd of IBM Internet Security Systems and Alexander Sotirov of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista:

“The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.””

From what I can tell, the hack takes advantage of the way Internet Explorer handles scripting languages. That implies that Firefox/Safari/Opera users are safe (or at least safer). Also, I would think it’s perfectly reasonable to assume that a rewrite of the affected portions of Vista will provide the fix if that is the case (that of course assumes that the cure isn’t worse than the disease). So to say that it’s broken and can’t be fixed is as much of a sure thing as saying it’s secure and can’t be hacked.

In any case, Microsoft is apparently aware of the research and wants to see it. Given all of the negative press that Vista has, you’d think Microsoft would have paid them to bury the research. In any case, it will be interesting to see how Microsoft responds to this.

UPDATE: Here’s another link with more detail.

UPDATE #2: Here’s a very detailed PDF from the two researchers on this issue.

Apple Safari Is Secure…. NOT!

Posted in Commentary, Security on March 28, 2008 by itnerd

There’s a hacking contest that’s part of CanSecWest going on right now in Vancouver, BC, and for the second year in a row, a Mac was the first to be hacked. Charlie Miller, who is best known for hacking the iPhone, cracked a MacBook Air with nothing but OS X installed in under two minutes by having contest organizers visit a website that contained his exploit code. That code allowed him to take control of the computer and scored him the MacBook Air and $10,000. That implies that the hole that he exploited is in the Safari browser, but we won’t know for a while as he has signed an NDA to allow Apple to fix the hole. Last year Shane Macaulay used a Safari hole to score himself a MacBook, so clearly Safari is not as secure as Apple thinks it is. That’s a great reason to switch to Firefox now to protect yourself in the short term (assuming that you don’t already use Firefox) until Apple fixes it. But it really shoots a hole in Apple’s claim that “Apple engineers designed Safari to be secure from day one.” (Go to www.apple.com/safari and click Security on the left-hand side.)