New Vista Security Flaws - Should we be concerned?

Discussion in 'Windows Vista Security' started by Roscoe, Feb 6, 2007.

  1. Roscoe

    Roscoe Guest

    Should we be concerned about two more dangerous exploits/security flaws
    uncovered by “Long” and “Zheng” (two Swedish security experts using these
    names to hide their identity from Microsoft)?:

    "The first exploit is a bug inside the keyboard and mouse subsystem which
    enables the targeted system to be hijacked and maliciously delete files,
    folders, music, torrents and other important sounding stuff without the user’s
    authorization or control.

    Details of how such an exploit works are sketchy, but leaked documents
    reveal the keyboard and mouse APIs offers unprecedented amount of control
    over an operating system, allowing anyone and everyone to have full access
    to your computer with or without your authorization. This exploit allows
    anyone ranging from younger siblings to gang leaders who could use brute
    force, such as a punch or tickle, to gain access to your keyboard and mouse
    cursors and perform malicious activities such as browsing The Inquirer or
    deleting vital fraudulent financial documents.

    A second exploit highlights a serious flaw inside the popular
    Windows-platform development tool, Visual Studio. An undocumented feature
    inside this software is said to enable the ability for malicious users to
    compile and execute unsigned and potentially damaging source code. If users
    somehow come across malicious source code and decide to copy, paste, compile
    and execute within Visual Studio, the resulting application could change
    wallpapers, block access to YouTube, increase the volume and other serious
    irreversible damages to the computer system."
     
    Roscoe, Feb 6, 2007
    #1
    1. Advertisements

  2. Roscoe

    Mark Burnett Guest

    This exploit allows anyone ranging from younger siblings to gang leaders
    Read it again, its a joke.
     
    Mark Burnett, Feb 6, 2007
    #2
    1. Advertisements

  3. Roscoe

    akita Guest

    akita, Feb 7, 2007
    #3
  4. Roscoe

    Mark Burnett Guest

    Sorry Mark, but NO, it ain't a joke! Read here: Haha, just because it has a url doesn't mean its not a joke.

    Vulnerability one:
    - Vista allows someone to hijack a computer due to a flaw in the "keyboard
    and mouse subsystem"
    - "This exploit allows anyone...who could use brute force, such as a punch
    or tickle, to gain access to your keyboard

    Vulnerability two:
    - Visual Studio allows malicious users to "compile and execute unsigned and
    potentially damaging source code"
    - "If users somehow come across malicious source code and decide to copy,
    paste, compile and execute within Visual Studio, the resulting application
    could change wallpapers, block access to YouTube, increase the volume and
    other serious irreversible damages to the computer system."

    and also:

    "Next week, keep an eye out for the exclusive report on why Solitaire is a
    fire hazard. How the end-game fireworks might burn down your operating
    system."

    etc.
     
    Mark Burnett, Feb 7, 2007
    #4
  5. Roscoe

    Jesper Guest

    Watch for your favority security vendor to publish Intrusion Prevention
    System signatures soon to protect you against these types of glaring issues.
    I heard the leading analyst organizations are preparing statements to warn
    people too.
     
    Jesper, Feb 8, 2007
    #5
  6. Roscoe

    Dennis Pack Guest

    Jesper:
    Hopefully there will be a better tool. The only tool that's been
    able to control the loose nut behind this keyboard is to turn the computer
    off. Have a great day.
     
    Dennis Pack, Feb 8, 2007
    #6
  7. In fact, I understand the leading keyboard manufacturers are working on some
    safegurads - childproof keyboard covers and fingerprint-sensitive mice.

    --

    Kevin Spencer
    Microsoft MVP
    Software Composer
    http://unclechutney.blogspot.com

    The shortest distance between 2 points is a curve.
     
    Kevin Spencer, Feb 8, 2007
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.