Vista Exploit Surfaces on Russian Hacker Site
Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."
I don't have to...you know...take pictures of squirrels or pigeons to get a hold of this exploit do I?
Good. Cheap. Fast. Pick Two.
Obviously Microsoft is missing these holes in Vista in house.
Maybe the biggest customer for these zero-day exploits should be.. Microsoft?
$50,000 isn't that much compared to the other option IMHO.
Just a thought.
It's a very valid thought, it's just the form that's bad: what you suggest is Microsoft pays black hats under the table to fix find flaws in their products for them. Quite a PR disaster, surely you'll agree. On the other hand, if they were smart, they would hire talented hackers *upstream*, i.e. during the development process, and offer them the same insane amounts of money on a per-exploit-found basis (at "black market rate" if you will), only these hackers would be working for MS perfectly legally: they would get the same money, trouble-free, and Microsoft could boast they subject their products to the most stringent tests before release.
Heck, MS could even offer these Russians H1Bs/green cards, housing in the US, car and whatnot, that would be small change compared to how Microsoft stands to make out like a bandit on the semi-forced sale of their new OS...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I'm sure this fits into some science fiction plot somewhere. And the truth as it is said is often stranger than fiction.
Yes it is. Would you believe that the reason for all the security holes is for Microsoft. They're the ones who create the holes so that later they can take control of the bot nets and send out spam. On occasion they find a guy who's trying to go it alone and starts intruding on their turf. They send the police at that guy to take everyone's attention at what their other hand is doing. They're pretty sinister in that regard.
Holy crap, I could almost believe that. Anybody have any extra tin foil they can spare?
Stop Global Warming!
Just say no to irreversible processes!