Sunday, August 24, 2008

Vista Blown Open By Unstoppable Hack

The genius of this is that it's completely reusable...That's completely game over.- Dino Dai Zovi

Search Security reports during a charged presentation at the Black Hat hacking conference last week Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc revealed a fatal flaw in Windows Vista which potentially blows the OS wide open and in such a way that it cannot be fixed.

Their method involves using scripting systems such as Java and elements of the .NET framework to run malicious code. This code attacks Vista's Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) technologies and allows the hackers to load any content they desire to any location on a user's machine.

"The genius of this is that it's completely reusable," said Security specialist Dino Dai Zovi to Search Security. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over. "What this means is that almost any vulnerability in the browser is trivially exploitable."

Naturally enough the entry method of choice is through Internet Explorer but it is not limited to this. The approach can also potentially be applied to other operating systems such as Windows XP and Mac OS X.

Unsurprisingly Microsoft has yet to comment on this as it no doubt takes a long hard look at Dowd and Sotirov's findings. Of course these are likely to go public soon so expect this to be a red hot topic over the comings months.

Please refer here for more details.

No comments: