2002-08-07 19:12:26+02 by Dan Lyke 1 comments
Almost lost in the flurry of updates yesterday afternoon was a /. entry pointing to an exploit technique for privilege escalation under Windows. I need to go back through it when I have more time, but given the amount of time and energy being put into .NET security classes and privileges, the Microsoft response seems a little naive.
[ related topics: Humor Microsoft moron ]
comments in descending chronological order (reverse):
#Comment made: 2002-08-07 23:26:40+02 by: meuon [edit history]
Andrew (drewcifer) was demonstrating using these techniques this morning at GeekLabs (the back room). Scary stuff, especially if you can get someone (machine or human) into executing a little code from remote. Something that does not seem hard in MS-User-Land. It also appears to be a problem at the very foundation of the Win32API and may be un-fixable.
As soon as a widespread explot exists (Can you say Outlook Worm?), then Microsoft will be forced to deal with it. But they supposedly mentioned this problem months ago when MS admitted their were flaws in MS-Land that 'threatened national security'.
My first implementation would be (if I wrote MS-code) a version that attacks computers running PC-Charge and ICVerify that fills in all boxes with someone elses credit card number.. Just for grins :)
We will not edit your comments. However, we may delete your comments, or cause them to be hidden behind another link, if we feel they detract from the conversation. Commercial plugs are fine, if they are relevant to the conversation, and if you don't try to pretend to be a consumer. Annoying endorsements will be deleted if you're lucky, if you're not a whole bunch of people smarter and more articulate than you will ridicule you, and we will leave such ridicule in place.
Flutterby™ is a trademark claimed by
Dan Lyke for the web publications at www.flutterby.com and www.flutterby.net.