Slashdot Mirror


Defeating XP SP2 Heap Protection

hobo2k writes "XP SP2 included canary values and hardware-implemented execution protection in order to avoid exploitable buffer overruns. Now Positive Technologies has released an article describing one way that protection could be bypassed. To solve the problem, they provide a program which disables the small allocation heap as described here. CNET reports that SP2 has been foiled."

20 of 242 comments

  1. i know the drill by numike · · Score: 5, Funny

    firefox

  2. You don't mean..?! by Rosco P. Coltrane · · Score: 2, Funny

    > Now Positive Technologies has released an article describing one way that protection could be bypassed.

    A security problem in Windows? No way...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. SP2 what? by warderz · · Score: 2, Funny

    Protection? What protection?

    1. Re:SP2 what? by A beautiful mind · · Score: 5, Funny

      it's like putting on a second condom AFTER sex when the first one proved to be leaking.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    2. Re:SP2 what? by ozbird · · Score: 4, Funny

      To take the analogy further, does that make Linux the morning-after pill?

    3. Re:SP2 what? by NanoGator · · Score: 2, Funny

      "it's like putting on a second condom AFTER sex when the first one proved to be leaking."

      Oh....

      Er.. could we use metaphors that most of us could wrap our minds around?

      --
      "Derp de derp."
    4. Re:SP2 what? by Anonymous Coward · · Score: 1, Funny

      It's like reaching for the tissue AFTER...

    5. Re:SP2 what? by Anonymous Coward · · Score: 2, Funny

      > > it's like putting on a second condom AFTER sex when the first one proved to be leaking.

      > To take the analogy further, does that make Linux the morning-after pill?

      No. Linux is like masturbation. And BSD is like necrophilia.

    6. Re:SP2 what? by wxjones · · Score: 3, Funny

      Actually, running Linux is like wearing a plaid hat with earflaps. Best birth control known to man! Come to think of it, it's Saturday night and I'm posting on Slashdot...using Linux. At least my ears are warm.

      --
      My SIG is a P226
    7. Re:SP2 what? by SmittyTheBold · · Score: 2, Funny

      Yeah, so sorry about the AIDS you already contracted.

      Remember: the only safe computing is NO COMPUTING. If you feel like you have to use a computer, then staying off-line is the only sure way to stay disease-free. There's nothing shameful about it; you'll not go blind.

      Now, since I know you kids are going to want to play your Counter Strike anyway, it's best to make sure you only game with people you already know and trust. Don't deathmatch with that hussy you found at the airport bar, and never accept files from strangers. You don't know who else they've swapped files with.

      --
      ± 29 dB
  4. Just hold down Ctrl. by agent dero · · Score: 4, Funny

    C'mon, this has been known for a while ;)

    --
    Error 407 - No creative sig found
  5. Re:Can you blame them? by grolschie · · Score: 4, Funny

    > Microsoft and security?

    > Chalk and cheese?

    Don't you mean simply "swiss cheese"? ;-)

  6. Re:And this by Anonymous Coward · · Score: 4, Funny

    I'm shocked! I have been reading all these independent studies, and according to Forrester, Windows users have fewer vulnerabilities. Check it out yourself, if you don't believe!
    http://www.microsoft.com/windowsserversystem/facts/analyses/default.mspx#EHAA

    It's a fact. So this vulnerability, and the dozen others I've been patching at work, are just some kind of imagination. Or maybe Linux / BSD / OS X users have just amazing amounts of vulnerabilities (counted together, OS & apps).

    I'm drunk. And it's not a surprise. Every hardcore Linux geek (like myself) who has to maintain Windows networks for a living has more drinking problems than those who are using solely operating systems and software which are free as in speech (as opposed to beer).

    Responsible for security of Windows network? Next recommendation for security enhancements: different operating systems, no more IE. If there are costs, then they're definitely worth it. Microsoft has proved that they don't care. All they care about is money, monopoly and marketing (FUD / brainwashing / propaganda).

  7. Re:Is that link to MS correct by DarkMantle · · Score: 5, Funny

    You expect the links and the article to be related?

    You expect too much from the editors.

    --
    DarkMantle I been bored, so I started a blog.
  8. And yet by HackNack · · Score: 3, Funny

    When asked about the problem Steve Ballmer said that Linux sucks.

  9. foiled? by gardyloo · · Score: 3, Funny

    > CNET reports that SP2 has been foiled.

    Shouldn't that read tin-foiled? C'mon, slashdot, standards?

  10. Yep... by rbochan · · Score: 2, Funny

    ...probably Nick McGrath ;o)

    --
    ...Rob
    The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
  11. Re:Oh no! by HackNack · · Score: 1, Funny

    I don't know about the others but I'm still choking it like it owes me money. That GPL is so hot!

  12. Re:It shouldn't be a surprise. by Anonymous Coward · · Score: 1, Funny

    yep, with ENTER HERE written all over it

  13. Re:NX bit? by Anonymous Coward · · Score: 1, Funny

    Yeah, it's kind of silly for them to focus on a problem with software DEP instead of hardware DEP.

    I mean, hardware DEP is available on <1% of the installed base - and the base is growing! Within 5 years this won't be an issue at all.

    Well, unless you're using hardware that's >5 years old at that time. But that's crazy talk - I mean, everyone replaces their system every 6 months.