Vista Blown Open By Unstoppable Hack
| Author | Gordon Kelly |
| Published | 10th Aug 2008 |
Comments for Vista Blown Open By Unstoppable Hack
Wackywavinginflateablearmflailingtubeman said on 11th August 2008
Azro said on 11th August 2008
"Vista Blown Open By Unstoppable Hack"
Oops.
"The approach can also potentially be applied to other operating systems such as Windows XP and Mac OS X."
Oh no. Never mind!
ilovethemonkeyhead said on 11th August 2008
ouch...
I'm fast losing faith in Windows Vista, now...
The Mighty Ben said on 11th August 2008
Never leave your Windows open - a burglar might get in.
Stephen Allred said on 11th August 2008
"The approach can also potentially be applied to other operating systems such as Windows XP and Mac OS X."
Mac OS X doesn't have a .NET virtual machine, and is a completely different design, with a different kernel and ecosystem to Windows, so I really doubt that claim. Shockingly, being a completely different operating system, OSX doesn't use either Vista's Address Space Layout Randomization (ASLR) (it uses randomization of some library offsets in 10.5 and above) or Data Execution Prevention (DEP) technologies. If, however, it is true, every BSD, and the Linux kernel and its derivatives would be equally as vulnerable.
Gordon said on 11th August 2008
@Stephen - I believe the phrase: "can also potentially be applied to" means just that. The full details have not been made public yet but obviously it won't use .NET, best you hold off and wait for its publishing so you can make an informed verdict.
howiem said on 11th August 2008
Why do these articles always seem to focus on the threat and not on the means of protection? In other words, what actions should Vista users be taking to mitigate the threat?
Gordon said on 11th August 2008
@howiem - for now the hint is in the title... nothing can be done.
RafflesNH said on 11th August 2008
Is this the 'full details' you mention Gordon?
http://taossa.com/archive/bh08sotirovdowd.pdf (53 pages) written 7th August.
The final paragraph in the authors' concluding statement reads:
"The authors expect these problems to be addressed in future releases of Windows and browser plugins shipped by third parties."
So not really the 'Unstoppable hack', surely?
howiem said on 11th August 2008
Gordon, are you saying that firewalls, HIPs and other protection will not do anything?
Gordon said on 11th August 2008
@howiem, no idea at this stage - we're waiting for the full details to go public. Either way, it's worrying...
howiem said on 11th August 2008
You might want to look at Ed Bott's article over at http://blogs.zdnet.com/Bott/?p=512
dworvos said on 11th August 2008
@Stephen Allred
Data Execution Prevention (DEP) is a good thing if used correctly (which is supported at the hardware level by an XD bit), the fact that OS X doesn't use it makes me question the security of the OS. Security is based on the weakest link so if there are no other avenues of attack, this one will remain open. Unfortunately, Apple does not go the route of Microsoft and disclose their bugs, Apple denies there are bugs in their OS and then fixes them quietly. Here's a site of someone who found a bug a day for a month in 2007. http://projects.info-pull.com/moab/
Azro said on 12th August 2008
Alex Sotirov responds to Ed Bott's ZDnet's blog: "Thanks for your blog post about our research. I was horrified by the lack of understanding displayed by the tech press when they covered the paper Mark and I presented at BlackHat. You rightly point out that the sky is not falling and the flaws are not unfixable. In fact, the next versions of Flash and Java will contain specific measures that limit the impact of the techniques we presented. We expect Microsoft to follow suit as well.
Exploitation is a cat and mouse game. The paper we presented puts the offensive side at a slight advantage, but it won’t take long for the defenses to catch up. Our intention was always to nudge the software vendors into improving their defenses and I hope we will succeed."
Just a storm in a tea cup then? http://blogs.zdnet.com/Bott/?p=513
Stephen Allred said on 12th August 2008
@dworvos
Did I say OSX didn't use the No eXecute (or eXecute Disable, as Intel have decided to market it) bit? No. I said OSX doesn't use Vista's (and by that token XP's) implementation of it, which Microsoft have helpfully dubbed DEP (which, you may like to note, is by default only active on essential OS processes).
You think Microsoft discloses its bugs? More fool you. As for the bug a day for a month, that's 31 bugs in a modern OS. That's really not surprising.
Chani Tough said on 13th August 2008
Windows are a pane


"Vista Blown Open By Unstoppable Hack "
Why am I not surprised..?
Ubuntu is looking pretty good lately...