DigitalBurn.com

Microsoft Vista Hacked

Expect Bill to come out of/hold off his retirement for this bad boy! Last week the Black Hat hacking conference revealed a fundamental flaw in Microsoft Vista’s security, which cannot be fixed. According to Alexander Sotirov of VMware Inc and Mark Dowd, who belongs to IBM Internet Security Systems (ISS), the flaw in Windows is so big, it blows the whole thing apart. This is what happens when you get real computer experts from leading commercial computer companies that write banking software, to look at security vulnerabilities in a consumer operating system. Why the hell did we not stick with OS2/Warp when we had the chance? Maybe then we’d have been safe.

The method of which I speak involves using parts of the .NET framework and Java to run malicious code. The code is capable of attacking Vista’s Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) technologies. To clarify, read on to see what Dino Dai Zovi had to say on the matter.

“The genius of this is that it’s completely reusable, they have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over. What this means is that almost any vulnerability in the browser is trivially exploitable.”

It makes sense that the entry is via Internet Explorer, but apparently it need not be limited to this. Furthermore, in principle, Windows XP and Mac OS X could both be venerable.

Microsoft have yet to comment. We’ll keep you updated

Popularity: 3% [?]