Slashdot Mirror


Defeating XP SP2 Heap Protection

hobo2k writes "XP SP2 included canary values and hardware-implemented execution protection in order to avoid exploitable buffer overruns. Now Positive Technologies has released an article describing one way that protection could be bypassed. To solve the problem, they provide a program which disables the small allocation heap as described here. CNET reports that SP2 has been foiled."

7 of 242 comments (clear)

  1. i know the drill by numike · · Score: 5, Funny

    firefox

  2. Re:SP2 what? by A+beautiful+mind · · Score: 5, Funny

    it's like putting on a second condom AFTER sex when the first one proved to be leaking.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  3. Just hold down Ctrl. by agent+dero · · Score: 4, Funny

    C'mon, this has been known for a while ;)

    --
    Error 407 - No creative sig found
  4. Re:Can you blame them? by grolschie · · Score: 4, Funny

    > Microsoft and security?

    > Chalk and cheese?

    Don't you mean simply "swiss cheese"? ;-)

  5. Re:And this by Anonymous Coward · · Score: 4, Funny

    I'm shocked! I have been reading all these independent studies, and according to Forrester, Windows users have fewer vulnerabilities. Check it out yourself, if you don't believe!
    http://www.microsoft.com/windowsserversy stem/facts /analyses/default.mspx#EHAA

    It's a fact. So this vulnerability, and the dozen others I've been patching at the work, are just some kind of imagination. Or maybe Linux / BSD / OS X users have just amazing amounts of vulnerabilities (counted together, OS & apps).

    I'm drunk. And it's not a surprise. Every hardcore Linux geek (like myself), who has to maintain Windows networks for living, have more drinking problems than those who are using solely operating systems and software which are free as speech (as opposed to beer).

    Responsible for security of Windows network? Next recommendation for security enhancements: different operating systems, no more IE. If there are costs, then they're definitely worth it. Microsoft has proved that they don't care. All they care is money, monopoly and marketing (FUD / brainwashing / propaganda).

  6. Re:Is that link to MS correct by DarkMantle · · Score: 5, Funny

    You expect the links and the article to be related?

    You expect too much from the editors.

    --
    DarkMantle I been bored, so I started a blog.
  7. Re:SP2 what? by ozbird · · Score: 4, Funny

    To take the analogy further, does that make Linux the morning-after pill?