Posted 08/11/08 at 07:59:58 PM by Mark Edward Soper

As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.

Dowd and Sotirov's presentation, How To Impress Girls With Browser Memory Protection Bypasses, made their point by beginning their presentation with a live exploit against IE7 on Windows Vista. And, as the photo at the top of this article suggests (from page 40 of the presentation), it does seem to impress the girls!

How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:

In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.

“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.

And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.

What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.

What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.
 

Read More

Comments 

1

TAGS 

vista, microsoft, Security, Windows Vista, exploit, IE7, Operating Systems, Black Hat 2008, DEP, ASLR

Posted 08/06/08 at 04:30:59 PM by Mark Edward Soper

Microsoft announced two new security programs at the Black Hat USA 2008 Conference:

• Microsoft Active Protections Program (MAPP)
• Microsoft Exploitability Index

MAPP provides advance notification to third-party security providers of vulnerabilities that are being addressed by Microsoft security updates, such as the ones rolled out each month on "Patch Tuesday." MAPP is designed to help stop exploits that are launched between the announcement of upcoming patches and the availability of patches. MAPP starts in October, according to eWeek.

Security providers can learn more about MAPP by downloading the fact sheet (MS Word 97-2003 format). For additional insight from a former military and government security specialist who now works for Microsoft, see Steve Adegbite's blog entry about MAPP.

The Microsoft Exploitability Index will provide ratings of how likely each vulnerability is to being successfully exploited. The index will rate each vulnerability at one of three levels:

• Consistent exploit code likely
• Inconsistent exploit code likely
• Functioning exploit code unlikely

Microsoft's fact sheet suggests (MS Word 97-2003 format) that vulnerabilities with the "Consistent" rating should be treated as the most serious threats, followed by the others. To get more insight into the need for this index, see Microsoftie Mike Reavey's blog entry (Reavey is part of the Microsoft Security Response Center). The index will be included with each new security bulletin, also starting in October.

For your chance to sound off about Microsoft's newest security initiatives, see us after the jump.

Read More

Comments 

0

TAGS 

windows, microsoft, Security, exploit, Patch Tuesday, security bulletin, Black Hat 2008

Posted 07/17/08 at 07:29:26 PM by Mark Edward Soper

In a recent Handler's Diary entry on the SANS Internet Storm Center website, Lorna Hutchison points out that the survival time for unpatched systems is currently around 4 minutes. In other words, if you connect an unpatched system to the Internet without a router or firewall, it will probably be infected in about 4 minutes.

Whether you work in a large enterprise, small business, or are the network guru to your own home's PCs, the pressure to connect a new system right now can be overwhelming. To find out how you can head off trouble by hardening a new (or reloaded) system before it gets its first whiff of the Internet, join us after the jump.

Read More

Comments 

0

TAGS 

windows, microsoft, Security, Internet, malware, service pack, hotfix, exploit, Bot, unpatched

Posted 07/15/08 at 07:01:40 PM by Mark Edward Soper

ZDNet's ZeroDay security blog reports that software engineering and reverse engineering expert and author Kris Kapersky is ready to prove that bugs in Intel CPUs can be exploited by various types of attacks. Kapersky will be speaking at the 2008 Hack in the Box Security Conference in Kuala Lumpur, Maylasia, in October.

To find out how Kapersky plans to prove his theory, read on after the jump.

Read More

Comments 

0

TAGS 

intel, Security, processor, exploit, bug

Posted 07/02/08 at 03:38:58 PM by Mark Edward Soper

Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog repots that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.

To find out how the threat works, join us after the break.

Read More

Comments 

0

TAGS 

windows, Software, Security, Internet Explorer, exploit, IE7, vulnerability, IE, IE6, IE8 beta 1

Posted 03/27/08 at 02:42:00 PM by David Murphy

Who's Byron Ng? A total tool, that's who. He's the one who ran a few Google searches and tipped off the Associated Press about a Facebook exploit that's been passing around the 'net for months now. The AP picked up the story and put it in every newspaper under the sun, making him a minor campus celebrity who's now forever disinvited to Facebook Club. It also tippped off Facebook to what was going on, and the company was quick to plug the exploit.

Click Read More for more. 

Read More

Comments 

6

TAGS 

Security, photo, news, facebook, how_to, exploit, hack, nude

Posted 10/12/07 at 07:57:20 AM by Mark 'Marcus Soperus' Soper

Put Adobe Acrobat or Adobe Reader together with Windows XP and Internet Explorer 7, and what do you have? A significant threat to your PC. Learn how to protect yourself.

Read More

Comments 

2

TAGS 

windows xp, malware, threat, exploit, Adobe Acrobat, Adobe Reader, Internet Explorer 7, IE7, vulnerability

Posted 09/24/07 at 11:32:52 PM by Mark Soper

Googling your way around the Internet? Watch out - cross site scripting (XSS) makes Google and other sites less safe than you think.

Read More

Comments 

1

TAGS 

phishing, XSS, cross site scripting, pharming, threat, exploit, browser