Slashdot Mirror


Shattering Windows

ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."

4 of 772 comments

  1. Re:Is this really a security risk? by topham · · Score: 5, Insightful

    A user opens a damn attachment, which you've told them not to do a hundred times, but one of them does it anyway...

    No problem right, the attachment runs as that user and the damage is restricted? Only it isn't, because the attachment escalates itself to localsystem privilege and now starts really screwing around.

    With any luck it drops itself on the network somewhere and some other soul mistakenly runs it and it gets domain privileges...

  2. Re:Take control? by MORTAR_COMBAT! · · Score: 5, Insightful

    completely agree. nearly every XP and 2K blue screen i had was due to:

    1) faulty hardware, e.g., bad memory chip
    2) incredibly bad driver (which admittedly shouldn't crash the OS... but that's another discussion)
    3) incredibly, incredibly bad software (which again shouldn't crash the OS... but that's yet another discussion)

    --
    MORTAR COMBAT!
  3. Re:Virus in his code by kawika · · Score: 5, Insightful

    Duh! The exploit is *intended* to be malicious code that causes a buffer overrun in an application and could be used to break into a system. That's the point!

    Hint to moderators: Try "Funny" next time.

  4. Re:Don't Do That by pclminion · · Score: 5, Insightful

    Why can't glibc help make the world a better place by dropping dangerous functions, such as gets()

    Because that's ANSI/POSIX standard.

    sprintf()

    Because that's ANSI/ISO/C99 standard.

    strcpy()

    Because that's POSIX/ISO standard.

    strcat()

    Because that's POSIX/ISO standard.

    Are you done ripping on GNU now?
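The four functions named in that exchange (gets(), sprintf(), strcpy(), strcat()) share one defect: each writes into a destination whose size it never learns, which is exactly how an oversized input from the attachment scenario in comment 1 turns into a buffer overrun. The block below is an added example, not code from the thread or from glibc; the helper names (bounded_copy, bounded_append, bounded_format, bounded_getline, run_checks) and the sample inputs are constructed for illustration. It shows the bounded replacements a reviewer would ask for, each taking the destination size, always NUL-terminating, and reporting truncation instead of silently writing past the buffer:

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Length of s, but never scanning past maxlen bytes (safe for unterminated dst). */
static size_t bounded_len(const char *s, size_t maxlen) {
    size_t n = 0;
    while (n < maxlen && s[n] != '\0') n++;
    return n;
}

/* What strcpy(dst, src) does not check: would src plus its NUL fit in dstsz bytes? */
bool strcpy_would_overflow(size_t dstsz, const char *src) {
    return strlen(src) + 1 > dstsz;
}

/* Bounded strcpy: copies as much of src as fits and always NUL-terminates.
 * Returns 0 if the whole string fit, -1 if it was truncated. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded strcat: appends src after the current contents of dst.
 * An unterminated dst is refused rather than scanned past its end. */
int bounded_append(char *dst, size_t dstsz, const char *src) {
    size_t used = bounded_len(dst, dstsz);
    if (used == dstsz) return -1;
    return bounded_copy(dst + used, dstsz - used, src);
}

/* Bounded sprintf: snprintf returns the length it wanted, so truncation is detectable. */
int bounded_format(char *dst, size_t dstsz, const char *user, unsigned id) {
    int want = snprintf(dst, dstsz, "user=%s id=%u", user, id);
    if (want < 0) return -1;
    return ((size_t)want < dstsz) ? 0 : -1;
}

/* Replacement for gets(): fgets honours the size; the trailing newline is stripped.
 * Returns 0 on success, -1 on EOF or error. */
int bounded_getline(char *dst, size_t dstsz, FILE *in) {
    if (dstsz == 0 || !fgets(dst, (int)dstsz, in)) return -1;
    dst[strcspn(dst, "\n")] = '\0';
    return 0;
}

/* Runs the helpers against constructed inputs; returns a bitmask of failed checks (0 = all good). */
int run_checks(void) {
    char buf[16];
    int failed = 0;
    /* Constructed input: 32 'A's, longer than the 16-byte buffer. */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    if (!strcpy_would_overflow(sizeof buf, big)) failed |= 1;
    if (bounded_copy(buf, sizeof buf, big) != -1 || strlen(buf) != 15) failed |= 2;
    if (bounded_copy(buf, sizeof buf, "hello") != 0 || strcmp(buf, "hello") != 0) failed |= 4;
    if (bounded_append(buf, sizeof buf, " world") != 0 || strcmp(buf, "hello world") != 0) failed |= 8;
    /* 12 more bytes do not fit in the 4 remaining: truncated, still terminated. */
    if (bounded_append(buf, sizeof buf, "XXXXXXXXXXXX") != -1 || strlen(buf) != 15) failed |= 16;
    if (bounded_format(buf, sizeof buf, "bob", 7) != 0 || strcmp(buf, "user=bob id=7") != 0) failed |= 32;
    if (bounded_format(buf, sizeof buf, "alexander", 12345) != -1 || strlen(buf) != 15) failed |= 64;
    return failed;
}

int main(void) {
    int failed = run_checks();
    printf("bounded helpers: %s (mask %d)\n", failed ? "FAIL" : "ok", failed);
    return failed ? 1 : 0;
}
```

The pattern is the same in every helper: the size travels with the pointer, the result is always a terminated string, and truncation is a return value the caller must handle rather than a silent write beyond the buffer.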