bleh, another local-access vuln. this is solved with the classic Rule #0 for security.

---

well this is different than the vista attack from BH08. the end result will be the same but the vista one bypasses the new security features that were introduced in vista and xp sp2. this one either requires an attack remotely or local physical access which rule #0 "never lose physical access" should be covering at all times.

if you've got any computer that is shared. why would you share it with strangers or people you don't trust? if you HAVE to share it with the baddies then you have to know how to mitigate the risk of it being owned with a simple USB-key being inserted or a keylogger placed on the back of the machine or even one placed INSIDE the keyboard with a wireless AM radio transmitter to broadcast the keys to a nearby receiver. maybe remote attacks aren't a lot harder still, but physical ones are point-and-click no matter what OS or security you've got running. i'm sure we can all agree on that fact.



anyways my views on linux security vary from distro to distro, package to package and so on. debian isn't very good with security as we can see here. i'm not surprised they let that one slip by. they focus mainly on the user experience with ubuntu and are under lots of pressure to create more and more desktop apps. slackware, gentoo and BSD are high up there for me though. we're running several openBSD servers right now and have never had a problem with them. freebsd for all the workstations (has XP and Fedora too). i use slackware to hack, bsd in the mac, gentoo is good for when i'm trying to make my own systems for CD/USB/VM. have you ever used gentoo before kevin? its a lot easier to install these days.

---

you're actually right. i did read that one, but i was getting it mixed up with another one that i haven't read yet: Attacking the vista heap
Attacking the Vista Heap
and
How To Impress Girls With Browser Memory Protection Bypasses

the first is a new attack vector where you chain heaps together and fill the space until you can control the structure. in his words, you can potentially overflow anything.

another problem is that the 2nd presentation changed titles after the conference.

there was another vector for vista brought up by a korean guy at the conference. developers are bypassing vista's security by using low-priv folders when updating the application/components so it doesn't annoy the user with popups. unfortunately you can just use this as a priv-escalation attack and even modify XP exploit code to work on vista through this.



it'll always be like this until developers write better code that stays within the lines or MS does a top to bottom rewrite. i'm being serious here: why not go the apple route. take a BSD distro and remould it. you get security, speed, stability, documented and fairly-clean code all at once. POSIX and X11 are nice bonuses. MS has got 90,000 employees I'm sure they can write a nice looking windows system from scratch, produce some stable drivers and with MS's influence they can force hardware manufacturers to change again. I actually see no downside to MS doing this. Oh wait, they hate open source lol.


ubuntu is gay. i was really pissed after they (well, debian) fucked up with the random number generation thing. it meant that anyone who generated keys, certs, passwords, etc had to revoke, patch and reissue everything because they were predictable. it was a big deal for people who use Tor. i agree that ubuntu will never break strong into the desktop world. gOS might... but ubuntu will probably stagnate after 9.04/9.10 unless someone starts to dump millions more on it. the problem is most likely commercial support. mac users aren't as many as windows but they're desktop users at least and that means lots of money to spend on software packages. sad too, i really thought ubuntu would break the trend for a while there.

---

yeah they had to revoke all their keys :)

---