Slashdot Mirror


Vista Exploit Surfaces on Russian Hacker Site

Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."


  1. curious by east+coast · · Score: 3, Insightful

    Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000.

    I'm just wondering who would buy these at such a price. What is the real value of an exploit?

    --
    Dedicated Cthulhu Cultist since 4523 BC.
    1. Re:curious by Rosco+P.+Coltrane · · Score: 2, Insightful

      I'm just wondering who would buy these at such a price.

      Someone with $50,000 to spend as an investment, who expects to make more money out of it.

      What is the real value of an exploit?

      $50,000.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:curious by vertinox · · Score: 2, Insightful

      I'm just wondering who would buy these at such a price. What is the real value of an exploit?

      People who want to make Vista zombie bots.

      And who would want to do that?

      Spammers

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    3. Re:curious by Rosco+P.+Coltrane · · Score: 4, Insightful

      And when did these "hackers" become such sellouts? Way to ruin an art form...

      The only thing they ruin is the term "hacker". But that's okay, this word has been deformed, mis- and overused for so long to mean "pirate" and "cracker" by stupid media people that it just doesn't matter anymore.

      In reality, these guys aren't even worthy of the term "crackers" (which itself isn't worth much in the first place): they're just mafia, conmen, blackmail artists, forgers, thieves, robbers... whatever you choose to call it. They just happen to use a computer instead of a tommy gun, but the result is the same.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  2. Re:Meant to say this last week.. but.. by Rosco+P.+Coltrane · · Score: 5, Insightful

    Obviously Microsoft is missing these holes in Vista in house.
    Maybe the biggest customer for these zero-day exploits should be.. Microsoft?
    $50,000 isn't that much compared to the other option IMHO.
    Just a thought.


    It's a very valid thought, it's just the form that's bad: what you suggest is Microsoft pays black hats under the table to find flaws in their products for them. Quite a PR disaster, surely you'll agree. On the other hand, if they were smart, they would hire talented hackers *upstream*, i.e. during the development process, and offer them the same insane amounts of money on a per-exploit-found basis (at "black market rate" if you will), only these hackers would be working for MS perfectly legally: they would get the same money, trouble-free, and Microsoft could boast they subject their products to the most stringent tests before release.

    Heck, MS could even offer these Russians H1Bs/green cards, housing in the US, car and whatnot, that would be small change compared to how Microsoft stands to make out like a bandit on the semi-forced sale of their new OS...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. Re:Fscking Visual Basic by cnettel · · Score: 3, Insightful

    This has nothing to do with Visual Basic. It's the plain and simple Win32 API. The demo just happens to be written in VB.NET using .NET Interop.

  4. Re:Fscking Visual Basic by Daltorak · · Score: 4, Insightful

    Yet again, the need for the CLR to support this moronic language creates a very obvious security flaw.

    Huh? Where's the logic in that? Blaming VB.NET for a security vulnerability in a Win32 API is like blaming Perl for a security vulnerability in the Linux kernel API. This has absolutely nothing to do with the CLR, Visual Basic (.NET or 6), or any other specific language... the vulnerability exists on the lowest level of the Win32 API (CSRSS, amongst other things, is Win32's interface to the Windows kernel). Any language that can call into Win32 can trigger this vulnerability... including Perl.

  5. Re:Meant to say this last week.. but.. by Ilmarin77 · · Score: 2, Insightful

    MS could even offer these Russians H1Bs/green cards

    And a place in jail for violating DMCA.

  6. Why now? by Lxy · · Score: 2, Insightful

    I think it's funny that the black hats are releasing exploits for Vista so soon. The product isn't widely available yet, so by the time Vista ships to consumers most of these 0-days will be patched.

    A smart black hat would lay low until SP1 is released, and wait for the real corporate deployment to begin.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  7. Doesn't count! by Macthorpe · · Score: 2, Insightful

    Of course, this doesn't count, as has been evidenced by the outcry against similar proof-of-concept security holes in OS X.

    I'm pretty sure the Slashdot community wouldn't be so two-faced as to claim something is an exploit on Vista which isn't 'counted' as an exploit on OS X, right?

    Right?

    --
    "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
  8. Can this be exploited with alert() or prompt()? by scienceguy55 · · Score: 2, Insightful

    I'm wondering what sort of checking IE does on alert() and prompt() calls, and on and tags. If you can force an error would it be possible to run arbitrary code this way?