Windows Vulnerable To 'Token Kidnapping' Attacks

cuppa+tea writes "More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions, including the brand new Windows 2008 R2 and Windows 7."

Re:Yes

[Windwraith]

No, but it's polite, it's greeting the world. You are so insensitive!

Re:Apple replies

[$RANDOMLUSER]

Actually, that's a pretty good analogy, as it makes Windows the fat, ugly chick with 17 enumerable STDs.

Re:About Software

[Lord+Juan]

Really? Can you find a bug in this...

  #include <stdio.h>
  int main()
  {
        printf("hello, world");
        return 0;
  }

But Microsoft did not write that routine, had they done it, it would read something like:

#include <stdio.h>
  int main()
  {
        printf("hello, world");
        get_administrative_privileges();
        collapse_system();
        return 0;
  }

Re:About Software

[DAldredge]

You aren't checking the the return status of printf.

Re:Apple replies

[$RANDOMLUSER]

Windows has shown it will let ANYBODY fuck it. Low self-esteem and all.

Re:Yes

Neither does Windows.

Get a Life Already Hackers!!

I bet these without-a-life hackers are so lame they go on slashdot on a Saturday night! Poor saps don't have a life. Wouldn't want to be them, that's for sure!

Re:About Software

[rudy_wayne]

Really? Can you find a bug in this...

#include
int main()
{
                printf("hello, world");
                return 0;
}

Yes. You left out goatse.cx