Vista Hacking Challenge Answered
debiansid writes "Microsoft's most secure Operating System yet has been compromised at the Black Hat hacker conference. We all know that Andrew Cushman, Microsoft's director of security outreach, invited the Black Hats over to touch and feel Vista in order to showcase the superiority of this OS. Joanna Rutkowska, from Coseinc, a Singapore-based security firm, obliged and showed how it is possible to bypass security measures in Vista that prevent unsigned code from running with the help of a little software she calls the 'Blue Pill.'" To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.
Yes, it will. In Vista, the true administrator account is hidden and disabled by default. Most people won't even know it's there, and you have to go through a rigmarole to enable it if you really want it (there's a how-to guide at http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001970). The "administrator" account that Vista creates by default is actually a standard user that can temporarily elevate to admin privileges on a task-by-task basis -- that's what UAC is about.
What's purple and commutes? An Abelian grape.
See http://it.slashdot.org/comments.pl?sid=193364&cid=15862463
It's coming true exactly as I predicted in http://it.slashdot.org/comments.pl?sid=193364&cid=15862544! All the people who'd previously spent all their time on Slashdot opinionating that Microsoft should adopt the Linux security model are now spending all their time on Slashdot opinionating that Microsoft stole the Linux security model...
Yea, but from personal experience, they always will, or they'll do something else equally stupid ;-)
It's true that there's a definite limit on the sort of access control that's a good idea, but I do see this being a help.
Besides, this WILL give a more concrete point at which we can say "Don't do this again," because it'll specifically ask the user if they want to allow administrator privileges to be used by program X at a definite point (and I bet it'll be logged) as opposed to just "Some program that I thought was a word processor/game/wallpaper/etc messed up my computer."
http://www.TheGamerNation.com/Forums
>Could you please name even a single user who has done as you suggested?
The grandparent.
Hence my comment in reply to him/her.
PS -- Re the posts, four or five people had posted more or less the exact same comment -- probably at around the same time, so they hadn't had time to note that others had posted the same thing. I could have merely posted a link to my first post in the subsequent posts, but that would have required extra work on the part of any readers for no particularly good reason. Alternatively, I could have adopted the position that discussions are always better when there are no messy facts around to interrupt the mindless Microsoft-bashing / Linux-bashing, and gone off to have a cup of tea. Since that appears to be the preferred course of action, I assure you that I will not interrupt the partisan food fights with anything so mundane as verifiable reality in future.