Vista's Security Rendered Completely Useless by New Exploit

I guess the LIE that vista is more secure than windows XP has gone down the
drain....


http://www.neowin.net/news/main/08/0...by-new-exploit

This week at the Black Hat Security Conference two security researchers will
discuss their findings which could completely bring Windows Vista to its
knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of
VMware Inc. have discovered a technique that can be used to bypass all
memory protection safeguards that Microsoft built into Windows Vista. These
new methods have been used to get around Vista's Address Space Layout
Randomization (ASLR), Data Execution Prevention (DEP) and other protections
by loading malicious content through an active web browser. The researchers
were able to load whatever content they wanted into any location they wished
on a user's machine using a variety of scripting languages, such as Java,
ActiveX and even .NET objects. This feat was achieved by taking advantage of
the way that Internet Explorer (and other browsers) handle active scripting
in the Operating System.

While this may seem like any standard security hole, other researchers say
that the work is a major breakthrough and there is very little that
Microsoft can do to fix the problems. These attacks work differently than
other security exploits, as they aren't based on any new Windows
vulnerabilities, but instead take advantage of the way Microsoft chose to
guard Vista's fundamental architecture. According to Dino Dai Zovi, a
popular security researcher, "the genius of this is that it's completely
reusable. They have attacks that let them load chosen content to a chosen
location with chosen permissions. That's completely game over."

According to Microsoft, many of the defenses added to Windows Vista (and
Windows Server 2008) were added to stop all host-based attacks. For example,
ASLR is meant to stop attackers from predicting key memory addresses by
randomly moving a process' stack, heap and libraries. While this technique
is very useful against memory corruption attacks, it would be rendered
useless against Dowd and Sotirov's new method. "This stuff just takes a
knife to a large part of the security mesh Microsoft built into Vista," said
Dai Zovi. "If you think about the fact that .NET loads DLLs into the browser
itself and then Microsoft assumes they're safe because they're .NET objects,
you see that Microsoft didn't think about the idea that these could be used
as stepping stones for other attacks. This is a real tour de force."

While Microsoft hasn't officially responded to the findings, Mike Reavey,
group manager of the Microsoft Security Response Center, said the company
has been aware of the research and is very interested to see it once it has
been made public. It currently isn't known whether these exploits can be
used against older Microsoft Operating Systems, such as Windows XP and
Windows Server 2003, but since these techniques do not rely on any one
specific vulnerability, Zovi believes that we may suddenly see many similar
techniques applied to other platforms or environments. "This is not insanely
technical. These two guys are capable of the really low-level technical
attacks, but this is simple and reusable," Dai Zovi said. "I definitely
think this will get reused soon."

These techniques are being seen as an advance that many in the security
community say will have far-reaching implications not only for Microsoft,
but also on how the entire technology industry thinks about attacks. Expect
to be hearing more about this in the near future and possibly being faced
with the prospect of your "secure" server being stripped completely naked of
all its protection.

Link: Black Hat Security Conference
Link: How To Impress Girls With Browser Memory Protection Bypasses

Keep on with your LIES! Fact is that the least number of attacks are on
Vista systems. And for the rest: go to another newsgroup! This does not
belong here!

"Warp 10" <> schreef in bericht
news:...
> I guess the LIE that vista is more secure than windows XP has gone down
> the drain....
>
>
> http://www.neowin.net/news/main/08/0...by-new-exploit
>
> This week at the Black Hat Security Conference two security researchers
> will discuss their findings which could completely bring Windows Vista to
> its knees.
>
> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of
> VMware Inc. have discovered a technique that can be used to bypass all
> memory protection safeguards that Microsoft built into Windows Vista.
> These new methods have been used to get around Vista's Address Space
> Layout Randomization (ASLR), Data Execution Prevention (DEP) and other
> protections by loading malicious content through an active web browser.
> The researchers were able to load whatever content they wanted into any
> location they wished on a user's machine using a variety of scripting
> languages, such as Java, ActiveX and even .NET objects. This feat was
> achieved by taking advantage of the way that Internet Explorer (and other
> browsers) handle active scripting in the Operating System.
>
> While this may seem like any standard security hole, other researchers say
> that the work is a major breakthrough and there is very little that
> Microsoft can do to fix the problems. These attacks work differently than
> other security exploits, as they aren't based on any new Windows
> vulnerabilities, but instead take advantage of the way Microsoft chose to
> guard Vista's fundamental architecture. According to Dino Dai Zovi, a
> popular security researcher, "the genius of this is that it's completely
> reusable. They have attacks that let them load chosen content to a chosen
> location with chosen permissions. That's completely game over."
>
> According to Microsoft, many of the defenses added to Windows Vista (and
> Windows Server 2008) were added to stop all host-based attacks. For
> example, ASLR is meant to stop attackers from predicting key memory
> addresses by randomly moving a process' stack, heap and libraries. While
> this technique is very useful against memory corruption attacks, it would
> be rendered useless against Dowd and Sotirov's new method. "This stuff
> just takes a knife to a large part of the security mesh Microsoft built
> into Vista," said Dai Zovi. "If you think about the fact that .NET loads
> DLLs into the browser itself and then Microsoft assumes they're safe
> because they're .NET objects, you see that Microsoft didn't think about
> the idea that these could be used as stepping stones for other attacks.
> This is a real tour de force."
>
> While Microsoft hasn't officially responded to the findings, Mike Reavey,
> group manager of the Microsoft Security Response Center, said the company
> has been aware of the research and is very interested to see it once it
> has been made public. It currently isn't known whether these exploits can
> be used against older Microsoft Operating Systems, such as Windows XP and
> Windows Server 2003, but since these techniques do not rely on any one
> specific vulnerability, Zovi believes that we may suddenly see many
> similar techniques applied to other platforms or environments. "This is
> not insanely technical. These two guys are capable of the really low-level
> technical attacks, but this is simple and reusable," Dai Zovi said. "I
> definitely think this will get reused soon."
>
> These techniques are being seen as an advance that many in the security
> community say will have far-reaching implications not only for Microsoft,
> but also on how the entire technology industry thinks about attacks.
> Expect to be hearing more about this in the near future and possibly being
> faced with the prospect of your "secure" server being stripped completely
> naked of all its protection.
>
> Link: Black Hat Security Conference
> Link: How To Impress Girls With Browser Memory Protection Bypasses

what does not belong here?

An article about vista does not belong here?

Are you nuts?

Wait, no need to answer, I already know the answer to that question! LOL




"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
news:OCXBQoU#...
> Keep on with your LIES! Fact is that the least number of attacks are on
> Vista systems. And for the rest: go to another newsgroup! This does not
> belong here!
>
> "Warp 10" <> schreef in bericht
> news:...
>> I guess the LIE that vista is more secure than windows XP has gone down
>> the drain....
>>
>>
>> http://www.neowin.net/news/main/08/0...by-new-exploit
>>
>> This week at the Black Hat Security Conference two security researchers
>> will discuss their findings which could completely bring Windows Vista to
>> its knees.
>>
>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>> of VMware Inc. have discovered a technique that can be used to bypass all
>> memory protection safeguards that Microsoft built into Windows Vista.
>> These new methods have been used to get around Vista's Address Space
>> Layout Randomization (ASLR), Data Execution Prevention (DEP) and other
>> protections by loading malicious content through an active web browser.
>> The researchers were able to load whatever content they wanted into any
>> location they wished on a user's machine using a variety of scripting
>> languages, such as Java, ActiveX and even .NET objects. This feat was
>> achieved by taking advantage of the way that Internet Explorer (and other
>> browsers) handle active scripting in the Operating System.
>>
>> While this may seem like any standard security hole, other researchers
>> say that the work is a major breakthrough and there is very little that
>> Microsoft can do to fix the problems. These attacks work differently than
>> other security exploits, as they aren't based on any new Windows
>> vulnerabilities, but instead take advantage of the way Microsoft chose to
>> guard Vista's fundamental architecture. According to Dino Dai Zovi, a
>> popular security researcher, "the genius of this is that it's completely
>> reusable. They have attacks that let them load chosen content to a chosen
>> location with chosen permissions. That's completely game over."
>>
>> According to Microsoft, many of the defenses added to Windows Vista (and
>> Windows Server 2008) were added to stop all host-based attacks. For
>> example, ASLR is meant to stop attackers from predicting key memory
>> addresses by randomly moving a process' stack, heap and libraries. While
>> this technique is very useful against memory corruption attacks, it would
>> be rendered useless against Dowd and Sotirov's new method. "This stuff
>> just takes a knife to a large part of the security mesh Microsoft built
>> into Vista," said Dai Zovi. "If you think about the fact that .NET loads
>> DLLs into the browser itself and then Microsoft assumes they're safe
>> because they're .NET objects, you see that Microsoft didn't think about
>> the idea that these could be used as stepping stones for other attacks.
>> This is a real tour de force."
>>
>> While Microsoft hasn't officially responded to the findings, Mike Reavey,
>> group manager of the Microsoft Security Response Center, said the company
>> has been aware of the research and is very interested to see it once it
>> has been made public. It currently isn't known whether these exploits can
>> be used against older Microsoft Operating Systems, such as Windows XP and
>> Windows Server 2003, but since these techniques do not rely on any one
>> specific vulnerability, Zovi believes that we may suddenly see many
>> similar techniques applied to other platforms or environments. "This is
>> not insanely technical. These two guys are capable of the really
>> low-level technical attacks, but this is simple and reusable," Dai Zovi
>> said. "I definitely think this will get reused soon."
>>
>> These techniques are being seen as an advance that many in the security
>> community say will have far-reaching implications not only for Microsoft,
>> but also on how the entire technology industry thinks about attacks.
>> Expect to be hearing more about this in the near future and possibly
>> being faced with the prospect of your "secure" server being stripped
>> completely naked of all its protection.
>>
>> Link: Black Hat Security Conference
>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>

Flaming Vista and its users don't belong here, troll! For lies about Vista
are other groups. Try to find newsgroups with the subject flame and **** off
here.



"Warp 10" <> schreef in bericht
news:...
> what does not belong here?
>
> An article about vista does not belong here?
>
> Are you nuts?
>
> Wait, no need to answer, I already know the answer to that question! LOL
>
>
>
>
> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
> news:OCXBQoU#...
>> Keep on with your LIES! Fact is that the least number of attacks are on
>> Vista systems. And for the rest: go to another newsgroup! This does not
>> belong here!
>>
>> "Warp 10" <> schreef in bericht
>> news:...
>>> I guess the LIE that vista is more secure than windows XP has gone down
>>> the drain....
>>>
>>>
>>> http://www.neowin.net/news/main/08/0...by-new-exploit
>>>
>>> This week at the Black Hat Security Conference two security researchers
>>> will discuss their findings which could completely bring Windows Vista
>>> to its knees.
>>>
>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>>> of VMware Inc. have discovered a technique that can be used to bypass
>>> all memory protection safeguards that Microsoft built into Windows
>>> Vista. These new methods have been used to get around Vista's Address
>>> Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and
>>> other protections by loading malicious content through an active web
>>> browser. The researchers were able to load whatever content they wanted
>>> into any location they wished on a user's machine using a variety of
>>> scripting languages, such as Java, ActiveX and even .NET objects. This
>>> feat was achieved by taking advantage of the way that Internet Explorer
>>> (and other browsers) handle active scripting in the Operating System.
>>>
>>> While this may seem like any standard security hole, other researchers
>>> say that the work is a major breakthrough and there is very little that
>>> Microsoft can do to fix the problems. These attacks work differently
>>> than other security exploits, as they aren't based on any new Windows
>>> vulnerabilities, but instead take advantage of the way Microsoft chose
>>> to guard Vista's fundamental architecture. According to Dino Dai Zovi, a
>>> popular security researcher, "the genius of this is that it's completely
>>> reusable. They have attacks that let them load chosen content to a
>>> chosen location with chosen permissions. That's completely game over."
>>>
>>> According to Microsoft, many of the defenses added to Windows Vista (and
>>> Windows Server 2008) were added to stop all host-based attacks. For
>>> example, ASLR is meant to stop attackers from predicting key memory
>>> addresses by randomly moving a process' stack, heap and libraries. While
>>> this technique is very useful against memory corruption attacks, it
>>> would be rendered useless against Dowd and Sotirov's new method. "This
>>> stuff just takes a knife to a large part of the security mesh Microsoft
>>> built into Vista," said Dai Zovi. "If you think about the fact that .NET
>>> loads DLLs into the browser itself and then Microsoft assumes they're
>>> safe because they're .NET objects, you see that Microsoft didn't think
>>> about the idea that these could be used as stepping stones for other
>>> attacks. This is a real tour de force."
>>>
>>> While Microsoft hasn't officially responded to the findings, Mike
>>> Reavey, group manager of the Microsoft Security Response Center, said
>>> the company has been aware of the research and is very interested to see
>>> it once it has been made public. It currently isn't known whether these
>>> exploits can be used against older Microsoft Operating Systems, such as
>>> Windows XP and Windows Server 2003, but since these techniques do not
>>> rely on any one specific vulnerability, Zovi believes that we may
>>> suddenly see many similar techniques applied to other platforms or
>>> environments. "This is not insanely technical. These two guys are
>>> capable of the really low-level technical attacks, but this is simple
>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>> soon."
>>>
>>> These techniques are being seen as an advance that many in the security
>>> community say will have far-reaching implications not only for
>>> Microsoft, but also on how the entire technology industry thinks about
>>> attacks. Expect to be hearing more about this in the near future and
>>> possibly being faced with the prospect of your "secure" server being
>>> stripped completely naked of all its protection.
>>>
>>> Link: Black Hat Security Conference
>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>

"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in
news:eNei$hW#:

> Flaming Vista and its users don't belong here, troll! For lies about
> Vista are other groups. Try to find newsgroups with the subject flame
> and **** off here.

I saw no groups with 'flame' AND Vista in the title, and the article was
not 'flaming' Vista, nor were there any lies. Do you have any idea what
'flaming' means in the context of the internet ? (And it's got nothing to
do with a lifestyle choice.)

The OP was absolutely on-topic, as reporting what could be a major flaw in
Vista security.

where exactly is the point where I flame vista users?

because I am telling the truth that vista is not really more secure than xp
and its just a myth to sell more vista copies?

You don't seem able to handle the truth, or if you don't like calling it the
truth at least call it other peoples opinions...

if you want a newsgroup dictatorship where people only love vista make your
own moderated forum...

if not, stay here but be more flexible

because vista is really ****



"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
news:eNei$hW#...
> Flaming Vista and its users don't belong here, troll! For lies about Vista
> are other groups. Try to find newsgroups with the subject flame and ****
> off here.
>
>
>
> "Warp 10" <> schreef in bericht
> news:...
>> what does not belong here?
>>
>> An article about vista does not belong here?
>>
>> Are you nuts?
>>
>> Wait, no need to answer, I already know the answer to that question! LOL
>>
>>
>>
>>
>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>> news:OCXBQoU#...
>>> Keep on with your LIES! Fact is that the least number of attacks are on
>>> Vista systems. And for the rest: go to another newsgroup! This does not
>>> belong here!
>>>
>>> "Warp 10" <> schreef in bericht
>>> news:...
>>>> I guess the LIE that vista is more secure than windows XP has gone down
>>>> the drain....
>>>>
>>>>
>>>> http://www.neowin.net/news/main/08/0...by-new-exploit
>>>>
>>>> This week at the Black Hat Security Conference two security researchers
>>>> will discuss their findings which could completely bring Windows Vista
>>>> to its knees.
>>>>
>>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov,
>>>> of VMware Inc. have discovered a technique that can be used to bypass
>>>> all memory protection safeguards that Microsoft built into Windows
>>>> Vista. These new methods have been used to get around Vista's Address
>>>> Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and
>>>> other protections by loading malicious content through an active web
>>>> browser. The researchers were able to load whatever content they wanted
>>>> into any location they wished on a user's machine using a variety of
>>>> scripting languages, such as Java, ActiveX and even .NET objects. This
>>>> feat was achieved by taking advantage of the way that Internet Explorer
>>>> (and other browsers) handle active scripting in the Operating System.
>>>>
>>>> While this may seem like any standard security hole, other researchers
>>>> say that the work is a major breakthrough and there is very little that
>>>> Microsoft can do to fix the problems. These attacks work differently
>>>> than other security exploits, as they aren't based on any new Windows
>>>> vulnerabilities, but instead take advantage of the way Microsoft chose
>>>> to guard Vista's fundamental architecture. According to Dino Dai Zovi,
>>>> a popular security researcher, "the genius of this is that it's
>>>> completely reusable. They have attacks that let them load chosen
>>>> content to a chosen location with chosen permissions. That's completely
>>>> game over."
>>>>
>>>> According to Microsoft, many of the defenses added to Windows Vista
>>>> (and Windows Server 2008) were added to stop all host-based attacks.
>>>> For example, ASLR is meant to stop attackers from predicting key memory
>>>> addresses by randomly moving a process' stack, heap and libraries.
>>>> While this technique is very useful against memory corruption attacks,
>>>> it would be rendered useless against Dowd and Sotirov's new method.
>>>> "This stuff just takes a knife to a large part of the security mesh
>>>> Microsoft built into Vista," said Dai Zovi. "If you think about the
>>>> fact that .NET loads DLLs into the browser itself and then Microsoft
>>>> assumes they're safe because they're .NET objects, you see that
>>>> Microsoft didn't think about the idea that these could be used as
>>>> stepping stones for other attacks. This is a real tour de force."
>>>>
>>>> While Microsoft hasn't officially responded to the findings, Mike
>>>> Reavey, group manager of the Microsoft Security Response Center, said
>>>> the company has been aware of the research and is very interested to
>>>> see it once it has been made public. It currently isn't known whether
>>>> these exploits can be used against older Microsoft Operating Systems,
>>>> such as Windows XP and Windows Server 2003, but since these techniques
>>>> do not rely on any one specific vulnerability, Zovi believes that we
>>>> may suddenly see many similar techniques applied to other platforms or
>>>> environments. "This is not insanely technical. These two guys are
>>>> capable of the really low-level technical attacks, but this is simple
>>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>>> soon."
>>>>
>>>> These techniques are being seen as an advance that many in the security
>>>> community say will have far-reaching implications not only for
>>>> Microsoft, but also on how the entire technology industry thinks about
>>>> attacks. Expect to be hearing more about this in the near future and
>>>> possibly being faced with the prospect of your "secure" server being
>>>> stripped completely naked of all its protection.
>>>>
>>>> Link: Black Hat Security Conference
>>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>>

> The OP was absolutely on-topic, as reporting what could be a major flaw in
> Vista security.

I agree, he/she was. Type "vista security flaw" into Google, and go into
Advanced Search and tell it to show results from the past 24 hours only.

Then read all about it......

SteveT

Prove what you say. Otherwise keep your mouth shut!


"Warp 10" <> schreef in bericht
news:489c75ea$...
> where exactly is the point where I flame vista users?
>
> because I am telling the truth that vista is not really more secure than
> xp and its just a myth to sell more vista copies?
>
> You don't seem able to handle the truth, or if you don't like calling it
> the truth at least call it other peoples opinions...
>
> if you want a newsgroup dictatorship where people only love vista make
> your own moderated forum...
>
> if not, stay here but be more flexible
>
> because vista is really ****
>
>
>
> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
> news:eNei$hW#...
>> Flaming Vista and its users don't belong here, troll! For lies about
>> Vista are other groups. Try to find newsgroups with the subject flame and
>> **** off here.
>>
>>
>>
>> "Warp 10" <> schreef in bericht
>> news:...
>>> what does not belong here?
>>>
>>> An article about vista does not belong here?
>>>
>>> Are you nuts?
>>>
>>> Wait, no need to answer, I already know the answer to that question! LOL
>>>
>>>
>>>
>>>
>>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>>> news:OCXBQoU#...
>>>> Keep on with your LIES! Fact is that the least number of attacks are on
>>>> Vista systems. And for the rest: go to another newsgroup! This does not
>>>> belong here!
>>>>
>>>> "Warp 10" <> schreef in bericht
>>>> news:...
>>>>> I guess the LIE that vista is more secure than windows XP has gone
>>>>> down the drain....
>>>>>
>>>>>
>>>>> http://www.neowin.net/news/main/08/0...by-new-exploit
>>>>>
>>>>> This week at the Black Hat Security Conference two security
>>>>> researchers will discuss their findings which could completely bring
>>>>> Windows Vista to its knees.
>>>>>
>>>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander
>>>>> Sotirov, of VMware Inc. have discovered a technique that can be used
>>>>> to bypass all memory protection safeguards that Microsoft built into
>>>>> Windows Vista. These new methods have been used to get around Vista's
>>>>> Address Space Layout Randomization (ASLR), Data Execution Prevention
>>>>> (DEP) and other protections by loading malicious content through an
>>>>> active web browser. The researchers were able to load whatever content
>>>>> they wanted into any location they wished on a user's machine using a
>>>>> variety of scripting languages, such as Java, ActiveX and even .NET
>>>>> objects. This feat was achieved by taking advantage of the way that
>>>>> Internet Explorer (and other browsers) handle active scripting in the
>>>>> Operating System.
>>>>>
>>>>> While this may seem like any standard security hole, other researchers
>>>>> say that the work is a major breakthrough and there is very little
>>>>> that Microsoft can do to fix the problems. These attacks work
>>>>> differently than other security exploits, as they aren't based on any
>>>>> new Windows vulnerabilities, but instead take advantage of the way
>>>>> Microsoft chose to guard Vista's fundamental architecture. According
>>>>> to Dino Dai Zovi, a popular security researcher, "the genius of this
>>>>> is that it's completely reusable. They have attacks that let them load
>>>>> chosen content to a chosen location with chosen permissions. That's
>>>>> completely game over."
>>>>>
>>>>> According to Microsoft, many of the defenses added to Windows Vista
>>>>> (and Windows Server 2008) were added to stop all host-based attacks.
>>>>> For example, ASLR is meant to stop attackers from predicting key
>>>>> memory addresses by randomly moving a process' stack, heap and
>>>>> libraries. While this technique is very useful against memory
>>>>> corruption attacks, it would be rendered useless against Dowd and
>>>>> Sotirov's new method. "This stuff just takes a knife to a large part
>>>>> of the security mesh Microsoft built into Vista," said Dai Zovi. "If
>>>>> you think about the fact that .NET loads DLLs into the browser itself
>>>>> and then Microsoft assumes they're safe because they're .NET objects,
>>>>> you see that Microsoft didn't think about the idea that these could be
>>>>> used as stepping stones for other attacks. This is a real tour de
>>>>> force."
>>>>>
>>>>> While Microsoft hasn't officially responded to the findings, Mike
>>>>> Reavey, group manager of the Microsoft Security Response Center, said
>>>>> the company has been aware of the research and is very interested to
>>>>> see it once it has been made public. It currently isn't known whether
>>>>> these exploits can be used against older Microsoft Operating Systems,
>>>>> such as Windows XP and Windows Server 2003, but since these techniques
>>>>> do not rely on any one specific vulnerability, Zovi believes that we
>>>>> may suddenly see many similar techniques applied to other platforms or
>>>>> environments. "This is not insanely technical. These two guys are
>>>>> capable of the really low-level technical attacks, but this is simple
>>>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>>>> soon."
>>>>>
>>>>> These techniques are being seen as an advance that many in the
>>>>> security community say will have far-reaching implications not only
>>>>> for Microsoft, but also on how the entire technology industry thinks
>>>>> about attacks. Expect to be hearing more about this in the near future
>>>>> and possibly being faced with the prospect of your "secure" server
>>>>> being stripped completely naked of all its protection.
>>>>>
>>>>> Link: Black Hat Security Conference
>>>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>>>

On Fri, 8 Aug 2008 19:01:19 +0200, "Flight"
<jPUNTvoorbeeld@gmailPUNTcom> wrote:

>Prove what you say. Otherwise keep your mouth shut!

Who the hell are you, a Franky ****wit wannabe?

The post claiming security exploits is of (or should be) grave concern
since it totally blows apart Vista's claim "security" system.
Obviously the fanboy crowd will have endless spasms and hissy fits
over it and try to discredit such reports, since that's what they
always do whenever anything negative about Microsoft crap comes to
light which is why they're all damn fools.
>
>
>"Warp 10" <> schreef in bericht
>news:489c75ea$...
>> where exactly is the point where I flame vista users?
>>
>> because I am telling the truth that vista is not really more secure than
>> xp and its just a myth to sell more vista copies?
>>
>> You don't seem able to handle the truth, or if you don't like calling it
>> the truth at least call it other peoples opinions...
>>
>> if you want a newsgroup dictatorship where people only love vista make
>> your own moderated forum...
>>
>> if not, stay here but be more flexible
>>
>> because vista is really ****
>>
>>
>>
>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>> news:eNei$hW#...
>>> Flaming Vista and its users don't belong here, troll! For lies about
>>> Vista are other groups. Try to find newsgroups with the subject flame and
>>> **** off here.
>>>
>>>
>>>
>>> "Warp 10" <> schreef in bericht
>>> news:...
>>>> what does not belong here?
>>>>
>>>> An article about vista does not belong here?
>>>>
>>>> Are you nuts?
>>>>
>>>> Wait, no need to answer, I already know the answer to that question! LOL
>>>>
>>>>
>>>>
>>>>
>>>> "Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message
>>>> news:OCXBQoU#...
>>>>> Keep on with your LIES! Fact is that the least number of attacks are on
>>>>> Vista systems. And for the rest: go to another newsgroup! This does not
>>>>> belong here!
>>>>>
>>>>> "Warp 10" <> schreef in bericht
>>>>> news:...
>>>>>> I guess the LIE that vista is more secure than windows XP has gone
>>>>>> down the drain....
>>>>>>
>>>>>>
>>>>>> http://www.neowin.net/news/main/08/0...by-new-exploit
>>>>>>
>>>>>> This week at the Black Hat Security Conference two security
>>>>>> researchers will discuss their findings which could completely bring
>>>>>> Windows Vista to its knees.
>>>>>>
>>>>>> Mark Dowd of IBM Internet Security Systems (ISS) and Alexander
>>>>>> Sotirov, of VMware Inc. have discovered a technique that can be used
>>>>>> to bypass all memory protection safeguards that Microsoft built into
>>>>>> Windows Vista. These new methods have been used to get around Vista's
>>>>>> Address Space Layout Randomization (ASLR), Data Execution Prevention
>>>>>> (DEP) and other protections by loading malicious content through an
>>>>>> active web browser. The researchers were able to load whatever content
>>>>>> they wanted into any location they wished on a user's machine using a
>>>>>> variety of scripting languages, such as Java, ActiveX and even .NET
>>>>>> objects. This feat was achieved by taking advantage of the way that
>>>>>> Internet Explorer (and other browsers) handle active scripting in the
>>>>>> Operating System.
>>>>>>
>>>>>> While this may seem like any standard security hole, other researchers
>>>>>> say that the work is a major breakthrough and there is very little
>>>>>> that Microsoft can do to fix the problems. These attacks work
>>>>>> differently than other security exploits, as they aren't based on any
>>>>>> new Windows vulnerabilities, but instead take advantage of the way
>>>>>> Microsoft chose to guard Vista's fundamental architecture. According
>>>>>> to Dino Dai Zovi, a popular security researcher, "the genius of this
>>>>>> is that it's completely reusable. They have attacks that let them load
>>>>>> chosen content to a chosen location with chosen permissions. That's
>>>>>> completely game over."
>>>>>>
>>>>>> According to Microsoft, many of the defenses added to Windows Vista
>>>>>> (and Windows Server 2008) were added to stop all host-based attacks.
>>>>>> For example, ASLR is meant to stop attackers from predicting key
>>>>>> memory addresses by randomly moving a process' stack, heap and
>>>>>> libraries. While this technique is very useful against memory
>>>>>> corruption attacks, it would be rendered useless against Dowd and
>>>>>> Sotirov's new method. "This stuff just takes a knife to a large part
>>>>>> of the security mesh Microsoft built into Vista," said Dai Zovi. "If
>>>>>> you think about the fact that .NET loads DLLs into the browser itself
>>>>>> and then Microsoft assumes they're safe because they're .NET objects,
>>>>>> you see that Microsoft didn't think about the idea that these could be
>>>>>> used as stepping stones for other attacks. This is a real tour de
>>>>>> force."
>>>>>>
>>>>>> While Microsoft hasn't officially responded to the findings, Mike
>>>>>> Reavey, group manager of the Microsoft Security Response Center, said
>>>>>> the company has been aware of the research and is very interested to
>>>>>> see it once it has been made public. It currently isn't known whether
>>>>>> these exploits can be used against older Microsoft Operating Systems,
>>>>>> such as Windows XP and Windows Server 2003, but since these techniques
>>>>>> do not rely on any one specific vulnerability, Zovi believes that we
>>>>>> may suddenly see many similar techniques applied to other platforms or
>>>>>> environments. "This is not insanely technical. These two guys are
>>>>>> capable of the really low-level technical attacks, but this is simple
>>>>>> and reusable," Dai Zovi said. "I definitely think this will get reused
>>>>>> soon."
>>>>>>
>>>>>> These techniques are being seen as an advance that many in the
>>>>>> security community say will have far-reaching implications not only
>>>>>> for Microsoft, but also on how the entire technology industry thinks
>>>>>> about attacks. Expect to be hearing more about this in the near future
>>>>>> and possibly being faced with the prospect of your "secure" server
>>>>>> being stripped completely naked of all its protection.
>>>>>>
>>>>>> Link: Black Hat Security Conference
>>>>>> Link: How To Impress Girls With Browser Memory Protection Bypasses
>>>>>

Ringmaster wrote:
> On Fri, 8 Aug 2008 19:01:19 +0200, "Flight"
> <jPUNTvoorbeeld@gmailPUNTcom> wrote:
>
>
>>Prove what you say. Otherwise keep your mouth shut!
>
>
> Who the hell are you, a Franky ****wit wannabe?

Who the fukk are you? A big mouth pompous drunken asshole lying pig?
>
> The post claiming security exploits is of (or should be) grave concern
> since it totally blows apart Vista's claim "security" system.

Does the word "possible' mean anything to a ****wit idiot moron piece of
useless **** like you?
How about to implement this "possible flaw', you need to:
1) disable UAC
2) user intervention to work in the first place.

Obviously that just kills you doesn't it, adam albright.