Slashdot Mirror


Shattering Windows

ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."

22 of 772 comments

  1. Someone discovered Windows is insecure. by SpanishInquisition · · Score: 5, Funny

    Film at 11

    --
    Je t'aime Stéphanie
  2. Isn't this in the EULA anyway? by Dynamoo · · Score: 5, Funny

    "Essentially, they allow you to take control of any window on your desktop".. sounds like it's straight out of Microsoft's new EULAs.

    --
    Never email donotemail@WeAreSpammers.com
  3. Evolving Concepts at Microsoft are Frightening by guttentag · · Score: 5, Funny
    We're doing this thing called "Trustworthy Computing." It's an evolving concept.
    It starts out meaning "We are worthy of your trust."

    Then it evolves to mean "You trust us."

    Then it evolves to mean "You trust only us."

    Then it evolves to mean "All your base are belong to us."

  4. no, no..... by Lord_Slepnir · · Score: 5, Funny

    Their EULA reads "Essentially, you will allow us to take control of any window on your desktop." Glad I could clear that up.

  5. High opinion by timothy_m_smith · · Score: 4, Funny
    Here is what the author had to say about himself at the end of the paper:
    Foon, AKA Chris Paget, first started programming on a ZX81 at the age of 4. He's been working with computers for longer than most of the bosses he's had. After extending a BBC B to include an ADC capable of filling the machine's memory in less than 2 seconds and scaring the cleaners with automated voice warnings when they entered his room, he got bored and moved onto PC's and Windows, where the majority of his skills lie. Able to program in 23 languages on 14 platforms, Foon takes an average of 3 days to learn a new programming language. He's currently available as a freelance security consultant - his CV is available on request.
    Aren't we the most important programmer ever!
    1. Re:High opinion by Anonymous Coward · · Score: 4, Funny
      He also has never talked to, never mind had sex with, a woman. He finds that he has trouble making friends, partially because of his inability to talk about anything besides the 23 languages and 14 platforms he can program for, and the onion-like smell which lingers behind his unshaven, rarely cleaned body. In order to make up for his indescribably small penis, Chris brings up debate in favor of technologies to boost his ego such as functional programming, UNIX, and any one of the 23 languages on 14 platforms already mentioned twice before that he can program for and you can't.
    2. Re:High opinion by greygent · · Score: 4, Funny

      This poster finds it narcissistic and silly that the author wrote about herself in the 3rd person.

    3. Re:High opinion by stor · · Score: 2, Funny

      Heh, I can't help imitating C3PO's voice when reading that.

      Cheers
      Stor

      --
      "Yeah well there's a lot of stuff that should be, but isn't"
  6. Re:Take control? by Anonymous Coward · · Score: 1, Funny

    bah. that's nothing.
    check mine out.
    Original Install Date: 2/1/2000, 01:42:37 PM
    System Up Time: 700 Days, 8 Hours, 4 Minutes, 15 Seconds
    C:\> ver

    Windows 98 [Version 4.10.2222]

  7. Re:Scott Charney by Anonymous Coward · · Score: 1, Funny

    Oops--my cat jumped on the keyboard and submitted my post before I got into my favorite Scott Charney anecdote. Back in the U. Mich. days, Scott and I were discussing userspace security in the Win32 API. Scott wanted a little bit of time to think over my suggestion about modifications to msgsrv32.dll, so I excused myself. As I stood up to leave Scott said "Your barn door is open". Before I could look down to check, Scott yanked on my waistband and poured a bowl of hot grits down my pants. It was sticky and hot.

    Oliver u r teh TRLOL.

  8. Windows Exploit - most dangerous! by teamhasnoi · · Score: 5, Funny
    Look for a period by itself on the bottom left of the screen. It looks like an off-pixel. Hold down "Shift", then click on it.

    Bam! Root access.

    This works on the systems of the DMV, FBI, DOD, Equifax, Telephone and Utility companies.

    I couldn't believe it myself! I said, "This is so easy, even Sandra Bullock could hack this!"

  9. Re:Don't Do That by handorf · · Score: 4, Funny

    How dare you have a reasonable opinion on slashdot! My army of trained flamemeisters has been dispatched to beat you about the head and neck with copies of "The Road Ahead"

    Windows is insecure. Linux is insecure. PROGRAMS are insecure.

    --
    -- IANAEG - I am not an elder god.
  10. Re:Don't Do That by _Sprocket_ · · Score: 3, Funny

    You must LOVE the old joke:

    patient: Doctor, it hurts when I do this.
    doctor: Well then, don't do that!

  11. Re:Fixability by b0bd0bbs · · Score: 5, Funny

    AFAIK you can still allocate ring 3 descriptors via windows DPMI calls, change them to ring 0 descriptors via an LDT mapping (which is legal in pmode the way windows sets things up), then execute any code in your program as ring 0. Woohoo. That *feature* has been around for at least 6 years.

  12. Is this the Allchin bug? by Old+time+hacker · · Score: 2, Funny
    Do you think that this problem is the one that Jim Allchin described as dangerous to national security?

    If it is, then it seems a bit dishonest for the Microsoft message author (Dave at the Security Response Center) to say that they don't consider it to be a bug.

    If it isn't, then there must be another problem which is even more serious. Oh dear!

  13. Re:Virus in his code by Clowning · · Score: 2, Funny

    "I wouldn't recommend running it on a production machine hooked up to anything..."

    Do you mean Windows or the exploit?

  14. Re:How do you rescind acceptance of the EULA? by Bingo+Foo · · Score: 3, Funny
    Or if Microsoft has somewhere noted your initial agreement, is it in perpetuity? Does Microsoft permanently own that box?

    Here is where many people get confused by legal definitions and concepts of property, contracts, and so forth. Allow me to attempt to clear this up: Microsoft does not "own" your box. In legal parlance, Microsoft "0wnz j00!!!!!"

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  15. Re:Just so you know... AFAIK by dimator · · Score: 2, Funny

    And THANK YOU very much for linking to e2. I'll be clicking around there for a good 2 hours now, thanks for killing my productivity.

    --
    python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
  16. Re:Don't Do That by Anonymous Coward · · Score: 1, Funny
    Well, GNU is an (incomplete) operating system, but it's owned by the Free Software Foundation, whose address is:

    Free Software Foundation
    59 Temple Place - Suite 330
    Boston, MA 02111-1307, USA

    Any other questions?

  17. Re:Executing untrusted code by Enigma2175 · · Score: 4, Funny

    You forgot

    3) Profit

    It had to be said...

    --

    Enigma

  18. Re:Like GTK by dfinster · · Score: 2, Funny

    Given the huge outcry about GTK+, I'm impressed that MS has had the same flaw, but for so much longer, with no one talking about it.

    I knew there was some advantage to closed-source...

  19. Re:Nice try by Alsee · · Score: 3, Funny

    Shouldn't that read Recognition! Fame! Fortune! Coverage! Beer! ?

    I fail to see how posting some techie-sounding text related to some vague problem with Windows is supposed to lead to girls :)

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.