ExtraTorrent.cc - The Largest Bittorent SystemLogin   |   Register
Latest Articles
Most searched
Hot torrents
First Cams
View Torrent Info: Beauty and the Beast 2017 HDCAM 700MB x264-DiRG
View Torrent Info: Kong.Skull.Island.2017.CAM.XviD-VAiN
View Torrent Info: The Shack 2017 HDCAM x264-iMLEAVING
View Torrent Info: T2.Trainspotting.2017.CAM.XViD-ETRG
Hot torrents
XVID DIVX
View Torrent Info: From.a.House.on.Willow.Street.2016.HDRip.XviD.AC3-EVO
View Torrent Info: The.Space.Between.Us.2017.HC.HDRip.XViD.AC3-ETRG
View Torrent Info: Walk.of.Fame.2017.HDRip.XviD.AC3-EVO
View Torrent Info: All.Nighter.2017.HDRip.XviD.AC3-EVO
Hot torrents
H264 X264
View Torrent Info: Resident.Evil.The.Final.Chapter.2016.1080p.BRRip.x264.AAC-ETRG
View Torrent Info: Paterson.2016.720p.BluRay.X264-AMIABLE[EtHD]
View Torrent Info: Dark Skies (2013) 720p BluRay x264 DTS Soup
View Torrent Info: Split.2016.1080p.HC.HDRip.X264.AC3-EVO[EtHD]
Hot torrents
BluRay, 4k UHD
View Torrent Info: Resident.Evil.The.Final.Chapter.2016.1080p.BluRay.X264-AMIABLE[EtHD]
View Torrent Info: Hidden.Figures.2016.1080p.BluRay.x264-GECKOS[EtHD]
View Torrent Info: Sin City 2005 1080p BluRay x264 DTSHD 7.1 Subs -DDR
View Torrent Info: The Uninvited 2009 Multi 1080p Bluray x264 TrueHD 5.1 -DDR
Hot torrents
Television
View Torrent Info: The.Blacklist.Redemption.S01E05.HDTV.x264-KILLERS[ettv]
View Torrent Info: The.Last.Kingdom.S02E02.HDTV.x264-MTB[ettv]
View Torrent Info: Greys.Anatomy.S13E17.HDTV.x264-LOL[ettv]
View Torrent Info: Arrow.S05E17.HDTV.x264-LOL[ettv]
View Torrent Info: Hidden Figures (2016) 720p BRRip Hindi DD 5.1Ch - Eng DD 5.1Ch ~ PyZ
View Torrent Info: Children of War (2014) DVDRIP x264 AAC 5.1 ESub [DDR]
View Torrent Info: Tube (2003) UNCUT 720p DVDRip x264 Eng Subs [Dual Audio] [Hindi 2.0 - Korean 2.0] Exclusive By -=!Dr.STAR!=-
View Torrent Info: Fantastic Beasts and Where to Find Them (2016) 720p BluRay Hindi DD 5.1Ch - Eng DD 5.1Ch ~ PyZ
30s
Chat
To add new messages please Login or Register for FREE
Warning! Use a VPN When Downloading Torrents!
Your IP Address is 54.211.238.44.   Location is United States
Your Internet Provider and Government can track your torrent activity!  Hide your IP ADDRESS with a VPN!
ExtraTorrent strongly recommends using Trust.Zone VPN to anonymize your torrenting. It's FREE!
Get VPN Now for FREE!


Windows Vista security 'rendered useless' by researchers


Post a Reply    Subscribe to Topic    
AuthorMessage
No avatar
Posted: Fri Aug 08, 2008 22:52
Author: Blocked
LAS VEGAS -- Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.

Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.

"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.

"What this means is that almost any vulnerability in the browser is trivially exploitable," Dai Zovi added. "A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks."

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd's and Sotirov's methods, it would be of no use.

"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."

Microsoft officials have not responded to Dowd's and Sotirov's findings, but Mike Reavey, group manager of the Microsoft Security Response Center, said Wednesday that the company is aware of the research and is interested to see it once it becomes public.

Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.

"This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon, sort of like heap spraying was."

Post a Reply    

Forum Search


  search in post message
  search in topic subject
Forum


Home - Browse Torrents - Upload Torrent - Stat - Forum - FAQ - Login
ExtraTorrent.cc is in compliance with copyrights
BitCoin: 12DiyqsWhENahDzdhdYsRrCw8FPQVcCkcm
Can't load ExtraTorrent? Try our official mirrors: etmirror.com - etproxy.com - extratorrentonline.com - extratorrentlive.com
2006-2017 ExtraTorrent.cc1