Windows Vulnerable To 'Token Kidnapping' Attacks

← Back to Stories (view on slashdot.org)

Windows Vulnerable To 'Token Kidnapping' Attacks

Posted by timothy on Saturday July 17, 2010 @10:09AM from the token-of-my-affection dept.

cuppa+tea writes "More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions, including the brand new Windows 2008 R2 and Windows 7."

5 of 126 comments (clear)

Yes by XanC · 2010-07-17 10:25 · Score: 5, Insightful

It doesn't do anything useful.
1. Re:Yes by davester666 · 2010-07-17 13:40 · Score: 5, Insightful
  
  Well, attacking this specific program has all kinds of possibilities. stdlib hasn't exactly been bug-free over the years, and depending on the environment, other libraries may get automatically loaded into the address space, and those can possibly be attacked. Then there is the infamous 'cc' hack, which automatically added a backdoor when you compiled specific programs.
  Just because you [the programmer] haven't typed in a large amount of code doesn't mean your program has fewer possibilities for bugs and/or attack vectors.
  
  --
  Sleep your way to a whiter smile...date a dentist!
Re:About Software by Anonymous Coward · 2010-07-17 10:30 · Score: 5, Insightful

Yep. It buggers up the prompt.
printf("hello, world\n"); /*is better*/
*This message was compiled with -pedantic.
Re:About Software by ckdake · 2010-07-17 10:40 · Score: 5, Insightful

I don't know the last time I looked at everything in stdio.h for problems so it's tough to say...
Re:About Software by DAldredge · 2010-07-17 11:10 · Score: 5, Funny

You aren't checking the the return status of printf.