Slashdot Mirror
Shattering Windows
ChrisPaget writes: "I've just released a paper documenting and exploiting fundamental flaws in the Win32 API. Essentially, they allow you to take control of any window on your desktop, regardless of whether that window is running as you, localsystem, or anywhere in between. The technique has been discussed before, but AFAIK this is the first working exploit. Oh, did I mention it's unfixable?" You may want to read this CNET interview with Microsoft security head Scott Charney to learn even more about "trustworthy computing."
You're either full of shit or have some bad hardware in your box. Alternatively, you could just be incompetent or want to join in on the MS bashing with all the others. Either way, BS.
The END of WINDOWS? Christ, could you pack just a little more apocalyptic FUD into that statement?
This "exploit" is hardly even an exploit - it requires the ability to run arbitrary code. And if just anybody can acquire the ability to run arbitrary code, then i would say the problem runs a bit deeper than msgsvr32.dll.
Here's something to chew on, zealot: use this exploit on my win2k server. I dare you. What? You can't get in? Oh, you mean the BASIC SECURITY FEATURES BUILT INTO THE OPERATING SYSTEM HAVE THWARTED THIS EXPLOIT BEFORE IT COULD EVEN GET OFF THE GROUND? That's what I thought.
Christ, your drivel is actually making me sick. Do you actually believe what you just wrote?
No, his first mistake was running IIS.
The second was running an internet-visible server on Windows.
*shudder*
I'm a big fan of Windows workstations. They let you work quickly and get the stuff done that needs to be done. However, the need for user friendliness isn't there with servers. A server should be run and maintained by someone who knows what they're doing, both in the arenas of security and optimization. Running a webserver on Windows is somewhat indicitive of a lack of both.
I in no way, shape, or form advocate, condone, or approve of Windows servers. Not good.