Caitlin Grey (foenix) wrote,
Caitlin Grey
foenix

Duck and Cover

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Lovely. This is an almost amusingly simple attack. There's a lot of doom and fear in the article, but I figure they'll find fixes soon enough. Just be careful where y'all are surfing for awhile.

Here's some other highlights:

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.
Subscribe

  • Nite Time

    Trisk has a new review up, for the slasher flick Girls Nite Out, which is not at all about a girls night, and barely even has girls in it that…

  • Back Again

    Trisk has updated with another Michael Myers movie, Halloween Resurrection. Take a whole new cast, a bit of Busta Rhymes, and a pinch of found…

  • Seven Corpses for Seven Brothers

    Trisk finishes up September with the movie within a movie zombie movie, The House of Seven Corpses. And this may be the most befuddling movie I've…

  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments