Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shattering Windows

Posted by timothy on from the fundamentalism dept.

ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."

6 of 772 comments (clear)

  1. Someone discovered Windows is insecure. by SpanishInquisition · · Score: 5, Funny

    Film at 11

    --
    Je t'aime Stéphanie
  2. Isn't this in the EULA anyway? by Dynamoo · · Score: 5, Funny

    "Essentially, they allow you to take control of any window on your desktop".. sounds like it's straight out of Microsoft's new EULAs.

    --
    Never email donotemail@WeAreSpammers.com
  3. Evolving Concepts at Microsoft are Frightening by guttentag · · Score: 5, Funny
    We're doing this thing called "Trustworthy Computing." It's an evolving concept.
    It starts out meaning "We are worthy of your trust."

    Then it evolves to mean "You trust us."

    Then it evolves to mean "You trust only us."

    Then it evolves to mean "All your base are belong to us."

  4. no, no..... by Lord_Slepnir · · Score: 5, Funny

    Their EULA reads "Essentially, you will allow us to take control of any window on your desktop." Glad I could clear that up.

  5. Windows Exploit - most dangerous! by teamhasnoi · · Score: 5, Funny
    Look for a period by itself on the bottom left of the screen. It looks like an off-pixel. Hold down "Shift", then click on it.

    Bam! Root access.

    This works on the systems of the DMV, FBI, DOD, Equifax, Telephone and Utillity companies.

    I couldn't believe it myself! I said, "This is so easy, even Sandra Bullock could hack this!"

  6. Re:Fixability by b0bd0bbs · · Score: 5, Funny

    AFAIK you can still allocate ring 3 descriptors via windows DPMI calls, change them to ring 0 descriptors via an LDT mapping (which is legal in pmode the way windows sets things up), then execute any code in your program as ring 0. Woohoo. That *feature* has been around for at least 6 years.