Posted 08/11/08 at 07:59:58 PM by Mark Edward Soper

As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.
Dowd and Sotirov's presentation, How To Impress Girls With Browser Memory Protection Bypasses, made their point by beginning their presentation with a live exploit against IE7 on Windows Vista. And, as the photo at the top of this article suggests (from page 40 of the presentation), it does seem to impress the girls!
How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:
In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.
“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.
And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.
What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.
What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.
Posted 07/02/08 at 03:38:58 PM by Mark Edward Soper

Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog repots that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.
To find out how the threat works, join us after the break.
Posted 03/05/08 at 10:32:54 PM by Mark Soper
You can now give the future of Microsoft web browsing, Internet Explorer 8, a try. Discover how to try it safely.
Posted 12/20/07 at 11:12:33 AM by Mark Soper
Singing the blues because Microsoft Security Update MS07-069's done a number on Internet Explorer 6 on Windows XP SP2? We've got the definitive workaround - straight from Redmond.
Posted 12/19/07 at 04:42:03 PM by Mark Soper
Microsoft's MS07-069 Security Update's been breaking browsers everywhere. Until Redmond gets its act together, here's a solution and a workaround that enable you to keep browsing and Windows Updating.
Posted 10/12/07 at 07:57:20 AM by Mark 'Marcus Soperus' Soper
Put Adobe Acrobat or Adobe Reader together with Windows XP and Internet Explorer 7, and what do you have? A significant threat to your PC. Learn how to protect yourself.
Posted 08/24/07 at 08:19:16 AM by Maximum PC Staff
The complete PDF archive of the February 2007 edition of Maximum PC, every article included, every page posted! Download it now!
7 NEW COMMENT(S) | 7 TOTAL COMMENTS
7 NEW COMMENT(S) | 7 TOTAL COMMENTS





