Shattering Windows
ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."
Someone discovered Windows is insecure. (Score:5, Funny)
Isn't this in the EULA anyway? (Score:5, Funny)
EASY! (Score:4, Funny)
ME) Hello, Mr. Hockenblock?
MR HB) yes?
ME) Our network associates have found a bug in the network system.
MR HB) Oh, really?
ME) Yes, it seems there is a particularly nasty roving virus that when it hits your system through an open port, can cause your computer to get stuck in an n-th complexity infinite binary loop*
*- note blatantly stolen bogus virus description! (see: good times virus warning)
MR HB) Dear lord, no!
ME) anyways, there is a way to fix it.
MR HB) How?!
ME) just go to http://www.eye.0wn.j00.com and download and run the files there.
MR HB) thanks!
ME) please tell all your friends.
MR HB) I will!
Evolving Concepts at Microsoft are Frightening (Score:5, Funny)
Then it evolves to mean "You trust us."
Then it evolves to mean "You trust only us."
Then it evolves to mean "All your base are belong to us."
I think I'm safe (Score:2, Funny)
no, no..... (Score:5, Funny)
High opinion (Score:4, Funny)
Re:Take control? (Score:1, Funny)
check mine out.
Original Install Date: 2/1/2000, 01:42:37 PM
System Up Time: 700 Days, 8 Hours, 4 Minutes, 15 Seconds
C:\> ver
Windows 98 [Version 4.10.2222]
Re:Scott Charney (Score:1, Funny)
Oops--my cat jumped on the keyboard and submitted my post before I got into my favorite Scott Charney anecdote. Back in the U. Mich. [umich.edu] days, Scott and I were discussing userspace security in the Win32 API. Scott wanted a little bit of time to think over my suggestion about modifications to msgsrv32.dll, so I excused myself. As I stood up to leave Scott said "Your barn door is open". Before I could look down to check, Scott yanked on my waistband and poured a bowl of hot grits down my pants. It was sticky and hot.
Oliver u r teh TRLOL.
Re:High opinion (Score:4, Funny)
Windows Exploit - most dangerous! (Score:5, Funny)
Bam! Root access.
This works on the systems of the DMV, FBI, DOD, Equifax, Telephone and Utility companies.
I couldn't believe it myself! I said, "This is so easy, even Sandra Bullock could hack this!"
Re:Don't Do That (Score:4, Funny)
Windows is insecure. Linux is insecure. PROGRAMS are insecure.
Re:the basic problem (Score:2, Funny)
And if you have a company of nothing but marketers and sales, you'll also sell nothing but a lot of vapour and hype. But you'll sell an awful lot of it...
Re:High opinion (Score:4, Funny)
Re:Don't Do That (Score:3, Funny)
patient: Doctor, it hurts when I do this.
doctor: Well then, don't do that!
Re:Fixability (Score:5, Funny)
Is this the Allchin bug? (Score:2, Funny)
If it is, then it seems a bit dishonest for the Microsoft message [tombom.co.uk] author (Dave at the Security Response Center) to say that they don't consider it to be a bug.
If it isn't, then there must be another problem which is even more serious. Oh dear!
Re:the basic problem (Score:1, Funny)
Re: sprintf() _is_ safe. (Score:2, Funny)
And I forgot: You can even specify dynamic field sizes using the '*' character:
sprintf (buf, "%-.*sTEXT", (int)(sizeof(buf)-(sizeof("TEXT")-1)-1), textofunknownlen);
Good to know and good to use, IMHO.
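The precision-bounded copy described in the comment above, as an added example that is not part of the original post. The helper name `bounded_join`, its signature and the sample strings are assumptions of this example, and it passes the buffer size explicitly and uses `snprintf` as a second bound in addition to the `%.*s` precision.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original post): writes "<text><suffix>"
 * into dst, truncating text (never suffix) through the "%.*s" precision.
 * Returns 0 if text fit, 1 if it was truncated, -1 if dst cannot even
 * hold the suffix plus the terminating NUL. */
int bounded_join(char *dst, size_t dstsize, const char *text, const char *suffix)
{
    size_t suffix_len = strlen(suffix);

    /* Check before subtracting: dstsize - suffix_len - 1 on unsigned
     * size_t would wrap to a huge "room" value if the buffer is too small. */
    if (dstsize == 0 || suffix_len > dstsize - 1)
        return -1;

    size_t room = dstsize - 1 - suffix_len;

    /* The '*' precision consumes an int, not a size_t, so clamp and cast. */
    int prec = room > (size_t)INT_MAX ? INT_MAX : (int)room;

    /* dstsize is passed in because sizeof(dst) here would be the size of a
     * pointer, not of the caller's array. */
    snprintf(dst, dstsize, "%.*s%s", prec, text, suffix);

    return strlen(text) > (size_t)prec ? 1 : 0;
}

int main(void)
{
    char buf[16];
    /* Constructed sample input, longer than the buffer. */
    int rc = bounded_join(buf, sizeof buf, "a-very-long-input-string", "TEXT");
    printf("rc=%d buf=\"%s\" len=%zu\n", rc, buf, strlen(buf));
    return 0;
}
```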
Re:Virus in his code (Score:2, Funny)
Do you mean Windows or the exploit?
Re:How do you rescind acceptance of the EULA? (Score:3, Funny)
Here is where many people get confused by legal definitions and concepts of property, contracts, and so forth. Allow me to attempt to clear this up: Microsoft does not "own" your box. In legal parlance, Microsoft "0wnz j00!!!!!"
Re:Physical access (Score:1, Funny)
Re:Just so you know... AFAIK (Score:2, Funny)
Re:Don't Do That (Score:1, Funny)
Free Software Foundation
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA
Any other questions?
Re:Executing untrusted code (Score:4, Funny)
3) Profit
It had to be said...
Comment removed (Score:2, Funny)
Re:High opinion (Score:2, Funny)
Cheers
Stor
Re:Nice try (Score:3, Funny)
I fail to see how posting some techie-sounding text related to some vague problem with Windows is supposed to lead to girls