Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Exploit Surfaces on Russian Hacker Site

Posted by Zonk on from the exploits-show-up-in-the-funnest-places dept.

Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."

8 of 103 comments (clear)

  1. I don't have to... by DittoBox · · Score: 5, Funny

    I don't have to...you know...take pictures of squirrels or pigeons to get a hold of this exploit do I?

    --
    Good. Cheap. Fast. Pick Two.
    1. Re:I don't have to... by Nuskrad · · Score: 2, Funny

      I'm pretty sure the Revelation virus is based on this exploit. Better install Faith, before they get taken over by Symantec.

    2. Re:I don't have to... by 140Mandak262Jamuna · · Score: 2, Funny

      Wont help you. They use ROT-26 encryption. Not some stupid ROT-13 twice.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    3. Re:I don't have to... by wikes82 · · Score: 2, Funny

      more story here http://www.securityfocus.com/brief/391 hehehe... He also reminds me of that city manager from oklahoma.. what's that guy name ?

  2. Re:Jokes referencing "In Soviet Russia...." by JasonKChapman · · Score: 2, Funny

    Okay. In Soviet Russia, Windows runs you. Oh, wait. . . .

    --
    Sorry, I'm a writer. That makes you raw material.
  3. List of those strings... by fahrbot-bot · · Score: 3, Funny
    Certain strings sent through the 'MessageBox' API apparently cause memory corruption.

    A partial list of those strings appears to be: Linux, Open-Source, GNU, Stallman, and (oddly) chair.

    --
    It must have been something you assimilated. . . .
  4. Re:Meant to say this last week.. but.. by Chosen+Reject · · Score: 5, Funny

    I'm sure this fits into some science fiction plot somewhere. And the truth as it is said is often stranger than fiction.

    Yes it is. Would you believe that the reason for all the security holes is for Microsoft. They're the ones who create the holes so that later they can take crontrol of the bot nets and send out spam. On occasion they find a guy who's trying to go it alone and starts intruding on their turf. They send the police at that guy to take everyone's attention at what their other hand is doing. They're pretty sinister in that regard.
    Holy crap, I could almost believe that. Anybody have any extra tin foil they can spare?

    --
    Stop Global Warming!
    Just say no to irreversible processes!
  5. Re:curious by Dirtside · · Score: 3, Funny
    They just happen to use a computer instead of a tommy gun, but the result is the same.

    You'll be sleep()ing with the fishes?

    Somehow, I don't think the idea of the "St. Valentine's Day TCP stack exploit" has quite the same impact. (Perhaps the "St. Valentine's Day Blue Screen of Death"?)

    All things considered, I'd rather have my computer violated by the Mafia than my body.
    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased