The Best IE7 News, Reviews, Features, and Forums | MaximumPC - All of the Best Software and Hardware Reviews

NewsGood News for Lonely Geeks, Bad News For Vista: How To Impress Girls With Browser Memory Protection Bypasses

Posted 08/11/08 at 07:59:58 PM by Mark Edward Soper

As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.

Dowd and Sotirov's presentation, How To Impress Girls With Browser Memory Protection Bypasses, made their point by beginning their presentation with a live exploit against IE7 on Windows Vista. And, as the photo at the top of this article suggests (from page 40 of the presentation), it does seem to impress the girls!

How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:

In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.

“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.

And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.

What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.

What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.

Comments: 1
TAGS: vista, microsoft, Security, Windows Vista, exploit, IE7, Operating Systems, Black Hat 2008, DEP, ASLR

NewsIE (and You) Vulnerable to iFrame Vulnerability

Posted 07/02/08 at 03:38:58 PM by Mark Edward Soper

All versions of IE vulnerable to iFrame exploit

Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog repots that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.

To find out how the threat works, join us after the break.

Comments: 0
TAGS: windows, Software, Security, Internet Explorer, exploit, IE7, vulnerability, IE, IE6, IE8 beta 1

NewsIE8 Beta 1? Ready for Downloading Now, but Not Yet Ready for Primetime

Posted 03/05/08 at 10:32:54 PM by Mark Soper

You can now give the future of Microsoft web browsing, Internet Explorer 8, a try. Discover how to try it safely.

Comments: 6
TAGS: vista, windows, Software, news, XP, IE7, IE6, Vista SP1, IE8

NewsMS07-069 Windows XP Woes Solved (and We Suggested It First!)

Posted 12/20/07 at 11:12:33 AM by Mark Soper

Singing the blues because Microsoft Security Update MS07-069's done a number on Internet Explorer 6 on Windows XP SP2? We've got the definitive workaround - straight from Redmond.

Comments: 3
TAGS: windows, Software, news, windows xp, Internet Explorer, IE7, Patch Tuesday, IE6, security update

NewsBedeviled by IE Browser Crashes? Try These Fixes

Posted 12/19/07 at 04:42:03 PM by Mark Soper

Microsoft's MS07-069 Security Update's been breaking browsers everywhere. Until Redmond gets its act together, here's a solution and a workaround that enable you to keep browsing and Windows Updating.

Comments: 4
TAGS: microsoft, Software, news, windows xp, Windows Vista, knowledge base, Internet Explorer, IE7, IE, IE6, closed source, use firefox, terribad

FROM THE ARCHIVEDidn't Ask for That PDF File? Watch Out!

Posted 10/12/07 at 07:57:20 AM by Mark 'Marcus Soperus' Soper

Put Adobe Acrobat or Adobe Reader together with Windows XP and Internet Explorer 7, and what do you have? A significant threat to your PC. Learn how to protect yourself.