Shattering Windows

← Back to Stories (view on slashdot.org)

Posted by timothy on Tuesday August 6, 2002 @07:54AM from the fundamentalism dept.

ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."

14 of 772 comments (clear)

Someone discovered Windows is insecure. by SpanishInquisition · 2002-08-06 07:56 · Score: 5, Funny

Film at 11

--
Je t'aime Stéphanie
Isn't this in the EULA anyway? by Dynamoo · 2002-08-06 07:58 · Score: 5, Funny

"Essentially, they allow you to take control of any window on your desktop".. sounds like it's straight out of Microsoft's new EULAs.

--
Never email donotemail@WeAreSpammers.com
Evolving Concepts at Microsoft are Frightening by guttentag · 2002-08-06 08:09 · Score: 5, Funny

We're doing this thing called "Trustworthy Computing." It's an evolving concept.
It starts out meaning "We are worthy of your trust."
Then it evolves to mean "You trust us."
Then it evolves to mean "You trust only us."
Then it evolves to mean "All your base are belong to us."
no, no..... by Lord_Slepnir · 2002-08-06 08:20 · Score: 5, Funny

Their EULA reads "Essentially, you will allow us to take control of any window on your desktop." Glad I could clear that up.
High opinion by timothy_m_smith · 2002-08-06 08:21 · Score: 4, Funny

Here is what the author had to say about himself at the end of the paper:
Foon, AKA Chris Paget, first started programming on a ZX81 at the age of 4. He's been working with computers for longer than most of the bosses he's had. After extending a BBC B to include an ADC capable of filling the machine's memory in less than 2 seconds and scaring the cleaners with automated voice warnings when they entered his room, he got bored and moved onto PC's and Windows, where the majority of his skills lie. Able to program in 23 languages on 14 platforms, Foon takes an average of 3 days to learn a new programming language. He's currently available as a freelance security consultant - his CV is available on request.
Aren't we the most important programmer ever!
1. Re:High opinion by Anonymous Coward · 2002-08-06 08:33 · Score: 4, Funny
  
  He also has never talked to, nevermind had sex with, a woman. He finds that he has trouble making friends, partially because of his inability to talk about anything besides the 23 languages and 14 platforms he can program for, and the onion-like smell which lingers behind is unshaven, rarely cleaned body. In order to make up for his indescribably small penis, Chris brings up debate in favor of technologies to boost his ego such as functional programming, UNIX, and any one of the 23 languages on 14 platforms already mentioned twice before that he can program for and you can't.
2. Re:High opinion by greygent · 2002-08-06 08:54 · Score: 4, Funny
  
  This poster finds it narcissistic and silly that the author wrote about herself in the 3rd person.
Windows Exploit - most dangerous! by teamhasnoi · 2002-08-06 08:37 · Score: 5, Funny

Look for a period by itself on the bottom left of the screen. It looks like an off-pixel. Hold down "Shift", then click on it.
Bam! Root access.
This works on the systems of the DMV, FBI, DOD, Equifax, Telephone and Utillity companies.
I couldn't believe it myself! I said, "This is so easy, even Sandra Bullock could hack this!"
Re:Don't Do That by handorf · 2002-08-06 08:48 · Score: 4, Funny

How dare you have a reasonable opinion on slashdot! My army of trained flamemeisters has been dispatched to beat you about the head and neck with copies of "The Road Ahead"

Windows is insecure. Linux is insecure. PROGRAMS are insecure.

--
-- IANAEG - I am not an elder god.
Re:Don't Do That by _Sprocket_ · 2002-08-06 09:05 · Score: 3, Funny

You must LOVE the old joke:

patient: Doctor, it hurts when I do this.
doctor: Well then, don't do that!
Re:Fixability by b0bd0bbs · 2002-08-06 09:22 · Score: 5, Funny

AFAIK you can still allocate ring 3 descriptors via windows DPMI calls, change them to ring 0 descriptors via an LDT mapping (which is legal in pmode the way windows sets things up), then execute any code in your program as ring 0. Woohoo. That *feature* has been around for at least 6 years.
Re:How do you rescind acceptance of the EULA? by Bingo+Foo · 2002-08-06 10:21 · Score: 3, Funny

Or if Microsoft has somewhere noted your initial agreement, is it in perpetuity? Does Microsoft permanently own that box?
Here is where many people get confused by legal definitions and concepts of property, contracts, and so forth. Allow me to attempt to clear this up: Microsoft does not "own" your box. In legal parlance, Microsoft "0wnz j00!!!!!"

--
taken! (by Davidleeroth) Thanks Bingo Foo!
Re:Executing untrusted code by Enigma2175 · 2002-08-06 13:28 · Score: 4, Funny

You forgot

3) Profit

It had to be said...

--
Enigma
Re:Nice try by Alsee · 2002-08-06 14:55 · Score: 3, Funny

Shouldn't that read Recognition! Fame! Fortune! Coverage! Beer! ?

I fail to see how post some techie-sounding text related to some vague problem with Windows is supposed to lead to girls :)

-

--
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.