Slashdot Mirror
New Remote Flaw In 64-Bit Windows 7
Trailrunner7 writes "Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine."
Watch out!
SJW: Someone who has run out of real oppression, and has to fake it.
So far you must use Safari under Win7 64bit to exploit this. But we would never want to say anything bad about Apple, only about Microsoft...
http://www.h-online.com/security/news/item/Highly-critical-zero-day-vulnerability-in-Windows-discovered-1398625.html
Uh, Linux geek since 1999.
"The only known attack vector for this vulnerability right now is the Safari browser running on Windows 7" - oh - never mind
Safari runs on Windows? Any time I've tried running Apple software (iTunes, Safari, Quicktime) on Windows, it just takes forever to load, wants to spend all day updating, chews up my memory and craps on my processor. If someone is running Safari on Windows intentionally then they might be masochistic enough to welcome this 'feature'
Shouldn't the posting have the Apple graphic instead of Microsoft?
TFA suggests it allows kernel privileges, so it is certainly a Windows exploit. But it may also be a Safari bug too, it depends whether or not the data it is passing to the Windows API calls that are causing the exploit would be considered reasonable or not.
Safari is the only attack vector. This by definition is not a remote flaw as it requires you to do something to exploit a web browser, thus it is a 'local exploit'.
Remote to me means "it's connected, you're vulnerable". This requires the user to take an action, getting some local data. From the description, you could have the same files on the file system and it would work.
Bad? Yeah. But not "plug it in, computer is pwned" bad.
The flaw seems to be in a call to a Windows API.
It is possible to trigger a memory error in the system file win32k.sys by accessing a crafted HTML file in Safari....According to webDEViL, the source of the vulnerability is the function NtGdiDrawStream.
So it is possible other programs could be affected. It is also possible that Safari itself handles the function in a broken manner. Note that Firefox appears to also have crashes related to that function (on x86 Windows, though, it's like the second Google result for that function). So, really impossible to say at this point. Also, they could only cause Windows to crash, not to run arbitrary code or anything. So far anyways.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
just wow.. an iframe causes an attacker to get system level access.. wow again.
Wrong - it's a MS bug in windows, it's just that they triggered it through Safari. A bit like saving saving a file in safari causing the machine to explode - not really Safari's fault.
TFA suggests it allows kernel privileges, so it is certainly a Windows exploit. But it may also be a Safari bug too, it depends whether or not the data it is passing to the Windows API calls that are causing the exploit would be considered reasonable or not.
I wouldn't make that blanket assumption -- Apple installs a MASSIVE amount of crap into the system. A kernel exploit in Windows code is NOT the same as a kernel exploit in Apple code. A service, a device driver, a process running with admin rights without appropriate protections from user-space could all be a vector for a kernel exploit.
Addendum: <iframe height='18082563'></iframe> causes a BSoD by the Windows kernel so it is certainly a Windows bug. It would be trivial of Apple to hotfix it to prevent exploitation via Safari but any other application could theoretically exploit it and elevate their code. Of course it doesn't appear anyone else has actually gotten it to execute arbitrary code yet, despite the summary claim...
So far you must use Safari under Win7 64bit to exploit this.
But we would never want to say anything bad about Apple, only about Microsoft...
Jobs is dead, so go for it.
It seems unlikely this was found by accident, more likely by someone knowing about how the iframe would
be handled in windows and designing something purpose made to break that.
Not knowing how Safari is interfacing with windows, I can't guess if this is a problem in a windows API call or some tool-set used only by Safari. If none of the other Webkit browsers can trigger this bug it would seem more likely to be some safari specific middleware.
All 6 people using Safari on Win7 64bit should definitely avoid all 3 sites on the internet that might have deployed this exploit.
Sig Battery depleted. Reverting to safe mode.
Just you, dude, just you.
The only confirmed anything I've seen is someone can BSOD the computer. Which while a bug, not Remote Code Execute, just Denial of Service attack.
Since this problem only exists in Safari, either Chrome/IE/Firefox are sanitizing those inputs to prevent that from reaching Windows kernel.
Furthermore, since this x64 bug only, my guess is this issue was patched in 32 but for some reason, WOW64 isn't seeing it or catching it.
And the headline should be.. IF your running Safari on Win7-64 Bit.. how many people "really" do that? Hands? Okay.. now how many run Chrome instead of IE? Hands?
I rest my case.
Addendum: <iframe height='18082563'></iframe> causes a BSoD by the Windows kernel so it is certainly a Windows bug. It would be trivial of Apple to hotfix it to prevent exploitation via Safari but any other application could theoretically exploit it and elevate their code. Of course it doesn't appear anyone else has actually gotten it to execute arbitrary code yet, despite the summary claim...
And likely won't -- Win7 64-bit requires DEP, so you can't corrupt a data page and end up executing code unless there's a defect in the CPU *or* you have code in the kernel to change the page type. And if you have code already in the kernel, you don't really need an exploit.
Its also not clear from the article if its corrupting kernel memory, or corrupting user memory. The driver crashing doesn't necessarily imply data in kernel space was corrupted, it just means the driver crashed for some reason.
"on Safari"
Who the hell runs Safari on Windows? That's just as dumb as running IE on OSX.
This is Microsoft buggy code causing issue, Safari problem is merely one way to cause rooting of machine, other softwares using this service will undoubtedly provide more cases.
a) Yes, this is a bug in Windows. No question. Windows isn't validating the input, and should just reject it or throw an exeption or whatever. Crashing is not acceptable and represents a bug in windows.
b) This is also a bug in safari. Safari is not validating its input either. Its just blindly passing a request to create an 18million pixel tall iframe down to the Windows API somewhere...
c) Yes, other softwares will likely be found. But so far only safari is known to be in the unique position of using that API, passing it arbitrary remote content while failing to validate its input.
A bit of malicious code that explicitly does use that API actually has to get onto the local system first. Local exploits are much less serious than remote ones.
So yes, this is a windows bug. But it is also a safari bug. Both should be fixed.
For some reason I have a false sense of security now- if this is the kind of 'exploit' that gets reported and /.ed and that I need to worry about, life is good! I mean really- you have to have Win7 x64, with Safari AND then navigate to a site that serves up a bogus iframe height, AND uses the exploit to make bad on your machine. I can't imagine this affects too many people. Also, why is this a 'Windows Remote' exploit? Safari would seem to not handle the iframe exception, whereas IE, Firefox, Chrome, Opera DO? If this were a true windows exploit I would expect it to occur regardless of the browser. And what other kind of exploit (as it's defined ITA) is there besides a remote one? A local exploit, where someone turns off my machine? I read 'remote' and think RDP... which is not the case here at all.
Accidental funny mod.
(check one)
[ ] Microsoft products are far less secure than Apple. Because everyone knows that Safari is completely safe always on Apple machines, and only fails on Windows.
[ ] Apple products are far less secure than Microsoft. Because obviously the hole in Microsoft security here is introduced through an Apple product, and really doesn't occur otherwise.
[ ] If people were just running Linux, they wouldn't be having these problems.
[ ] This is gonna be good. Ima gettin' my popcorn now!
Check your premises.
It used to be that if my Mac crashed, I was in an MS program (word, powerpoint, IE back in the day) ... and now the roles have reversed.
Build it, and they will come^Hplain.
This is a common misconception on the use of DEP. DEP is a mitigation, not a solution.
There are dozens of ways to get around DEP protection. It helps sometime, but not when you execute already existing (and useful) code inside the kernel/app.
Well there's the problem!
The prototype for the NtGdiDrawStream is as such:
BOOL NtGdiDrawStream(IN HDC hdcDst, IN ULONG cjIn, IN VOID* pvI);
So, simply speculating, this may be something like a ULONG going in, but it gets cast to a signed integer.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
If the OS allows Safari to run any arbitrary code, or ANY software for that matter, then there is an OS problem.
Should Safari accept overlarge iFrame? no. That is also the problem.
Since Window is used far more then safari, and is a core componant of many systems, then putting it as a MS exploit is the responsible thing to do.
The Kruger Dunning explains most post on
because DEP is bug free?
The Kruger Dunning explains most post on
Lots of discussion over whether it's a Windows or Safari exploit/vulnerability. It allows you to exploit something Windows doesn't cater for, and make windows vulnerable. Safari shouldn't behave this way, it's a bug, but Windows should handle it and terminate the process at the extreme.
What it also means is that any process running not as Admin could get privileges, which would negate UAC, which is a Windows feature, not a Safari feature.
I'm sure the 5 users with Safari on Win 64 are worried.
So yes, this is a windows bug. But it is also a safari bug. Both should be fixed.
So how does Safari know whether Windows can support an 18 million pixel high window without requesting one? If it's a valid value for the request, then an application should be able to assume that the OS will either fulfil the request or return an error, not execute arbitrary code.
Did you have more than 4GB of RAM on this system before you installed 64-bit Windows? I was running with 6GB of RAM and seeing all sorts of crashes and nasties in 64-bit Linux, but nothing untoward in Windows. It turned out I had memory errors in the upper regions where 32-bit Windows could not reach.
So what you're saying is that Apple wrote the code in win32k.sys, where the bug is? My mind is blown. One question: If Apple wrote Windows, then why does it suck so much?
Shut up and go back to Vista! And take your Betamax player and your New Coke with you!
I hope you die, painfully and in full view of your family.
Seriously. How much irrational hate do you have?
I can't believe some people here are suggesting this is Safari's fault.
The Windows Operating System should be able to withstand faulty/malicious applications that make invalid API calls.
The kernel should be validating all API parameters, clearly it isn't here.
This is another MS Security Hole, hopefully they fix it ASAP.
WTF would ANYONE run Safari on Windows??? If you want Safari, us a Mac... FAIL
After a bit bit of playing "let's intentionally crash Windows", it seems that using the Windows Classic skin fixes the bug, and the page renders fine (if a little uninteresting, it's basically a long page with a box on it). It BSODs on Windows Basic and Aero. I haven't a clue if this is a real fix, or if it's just that the magic number needed to crash the system is different with Windows Classic compared with Basic / Aero. Windows XP (32 bit) is fine as well (again page renders fine, no crashes of anything).
I personally think it's largely a Windows bug, even if Safari has a bug (that oddly only does anything on one version of Windows, and even then only with certain conditions), a programme doing something stupid should not crash the entire OS.
10 PRINT "LOOK AROUND YOU ";
20 GOTO 10
So its microsofts fault that nvidia and creative wrote buggy drivers?
You insensitive clod.
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
...why I contracted a rogueware/rootkit while surfing reddit the other night. I sure as hell didn't click on any executables, I was running FF 8 with noscript, and MSE was running too. I was greeted with a rogueware popup for antivirus program, and knew immediately I had been infected. MSE never made a sound...in fact, it was shut down immediately.
Oh, and I'm running 64-bit W7.
Thanks to the good folks at bleepingcomputer.com for the tools needed to wipe the machine clean. Thumbs down to MSE, which didn't even pick it up.
So yes, there is a vulnerability here, and it sure as hell involves more than Safari.
For now it's unclear how bad is this, as the only concrete detail is Secunia's link to "original advisory"
From digging around bug submitter's twitter:
@igursev @therealsaumil not really an integer overflow. Otherwise 18082564 would have also worked ;-)
4 hours ago
w3bd3vil webDEViL @
@igursev It probably is, but not theoretically. In simpler terms, I can't build an exploit for it.
12 hours ago
@kernelpool yeah I tried with some help to get code execution but was beyond me...
19 Dec
@r3dsm0k3 Yeah. It's the NtGdiDrawStream which is being called multiple times...leading to a not so interesting crash.
18 Dec
<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!
18 Dec
So a) there's a bug in win32k.sys, tickled by Safari's (allegedly) incorrect API usage, so there's possibility of other exploits, b) "may lead to arbitrary code execution" means "we don't know yet, but we're playing safe", the only confirmed effect is BSoD by memory corruption.
Why the fuck there's so little about it, did nobody research yet what kind of memory corruption it actually does? The tweet's from 4 days ago, FFS.
Because DEP induces morons to believe they're now secure and protected forever.
Has anyone done any proper debugging on this? NtGdiDrawStream doesn't look like public API... I can't find any reference to it in msdn. Does Safari access this function directly or indirectly through another public API? If they are directly calling an undocumented API then shame on Apple (especially so considering their response to iphone app authors use of undocument API). If it is public then shame on MS.
sounds like a safari issue then switch to firefox
Judging from your post and your sig, I'm gonna say you really shouldn't talk to yourself in the mirror like that, it's not healthy.
wow that's a vicious wish. I clicked the parent to see what could have elicited such a metaphor from you. Nothing at all, just the assertion that both Microsoft and Apple make lots of horrible proprietary code like Windows and Quicktime; i.e. your parent asserted windows is horrible and proprietary, and quicktime is horrible and proprietary. can't say that's controversial. (mac is great and proprietary, so is ios, and your parent doesn't mention it, so obviously the beef is wtih horrible and proprietary, so no one can fix it.)
anyway your response scares me.
i guess you're the kind of money-hungry psychopath who makes a great ceo or senior executive.
your image clearly puts you in the psychopath category anyway. my prediction is you're going to threaten me for calling you out on it, and I'm honestly glad I don't know you.
A kernel mode web browser? Uh huh. Sure.
Which is it?
So how does Safari know whether Windows can support an 18 million pixel high window without requesting one?
Safari knows what the screen resolution is. A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of. Its clearly a broken page, and should be rejected at that point.
Just as if I'm Safari for the iPhone and the page tries to allocate a 2 billion cell html table, i don't care even if its "legal and well formed html", don't bother rendering it.
A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of.
And how am I supposed to look at this 30 gigapixel Longcat pic now? You insensitive clod!
A request for a screen element like an iframe 10,000 times the height of of the screen clearly fails any reasonable sanity check you might think of.
Never underestimated the size of a log file before opening it in an editor, huh? No, 0123456 is completely correct: it's the kernel's job to validate its function parameters. That doesn't mean Safari should be gratuitously throwing ridiculous values at it, but Safari should be able to without anything bad happening.
For example, you'll probably never need to printf("%1000000000000000s", &hugebuffer), but libc is required to tell you if you've asked it to do something dumb that it can't fulfill. It's right there in the spec. If it fails to ensure it can sanely execute your request, it's broken.
Dewey, what part of this looks like authorities should be involved?
You must be new here if you think no-one says anything bad about Apple.
it's the kernel's job to validate its function parameters.
I never said otherwise.
That doesn't mean Safari should be gratuitously throwing ridiculous values at it, but Safari should be able to without anything bad happening.
And I agree with this too. Read the whole thread not just the last response. I said at least TWICE that I completely agreed it was a bug in windows ALSO.
My point here, is that EVEN if windows COULD fullfill this request, Safari should STILL be blocking it. My browser shouldn't open 18million pixel high iframes, simply because some random website asked it to, even if it were technically possible.
There is all sorts of perfectly legal html, css, etc one can write that browers should reject or at least constrain.
p { border-width:15000000000px; }
Perfectly legal and well formed. The CSS spec doesn't say where that I can find what the maximum border width in pixels should be. It doesn't say anywhere I could find what the largest integer should be. So15 billion pixels border width? Within spec.
My browser should still just ignore it.
It shouldn't even get passed onto the drawing APIs to try.
Ugh... man, I hate to break it to you, but your "understanding" of the security technologies is *way* off.
First, DEP is trivial to bypass. Go research "return-oriented programming" and you'll find not only working exploits but even entire toolchains that can compile an arbitrary C program into a return-oriented stack that executes by controlling the program counter and stack frame (including local variables) to make a binary execute completely different instructions. (The mitigation here is ASLR, which has its own counters although the easiest so far is finding a binary that is loaded without ASLR enabled and its address is therefore known.) The most common purpose of a return-oriented program is to mark a section of memory executable (turn off the NX flag for that page, which essentially says "I want this piece of memory to prevent DEP is disabled" and has many legit purposes, so it can't be blocked).
Second, there are attacks that work even when DEP is enabled. Ever heard of "JIT spraying"? It's a pretty simple technique, actually - you use any program that has a JIT compiler, like Safari (or any other modern browser, or Flash, or a Java applet, or...) and have it load a script or bytecode containing a whole bunch of instructions like this that do things like add two 64-bit integers together. With each of these, you write 17 bytes of memory into the instruction stream. You have full control over 16 of them and you know what the other one is. Now, if the instruction pointer jumps to the start of the first instruction, it'll do a bunch of meaningless arithmatic on really big numbers. If it jumps into the stream in the middle of one of those huge instructions, though, it's now exeuting attacker controlled code, and can do pretty much anything at all (you can fit a lot of x86 instructions wholly within a 64-bit number, much less a bunch of them). You have to work around the actual arithmetic opcodes, but since you know what they are and you control the bits around them, you can make them be interpreted as part of the alternate instruction sequence.
Seriously, that's just two approaches off the top of my head that both completely defeat DEP. There are others, too. In general, if the attacker can write even a few bytes of arbitrary memory (sometimes as little as changing one bit is sufficient), you assume they can take over the program. If they've already got control of the instruction pointer (which is the point where DEP even becomes relevant) you *KNOW* you're hosed.
Also, the kernel-mode crash is certainly due to to a kernel bug. Hypothetically you can have a bug that doesn't involve memory corruption, like a syscall that takes a pair of parameters and divides them without checking whether the denominator is zero. However, any kernel entry point (be it in a driver or otherwise) is supposed to validate its input when the input is coming across the user/kernel boundary. If it's not doing that, or not doing it correctly is is a bug. Since we're discussing kernel-mode code here, it is specifically a kernel-mode bug. The fact that the bug is triggered by compromising a user-mode program doesn't change that at all; I could just as easily write a user-mode program that intentionally triggered the kernel bug, and get arbitrary privileges on the system.
There's no place I could be, since I've found Serenity...
If the OS allows Safari to run any arbitrary code, or ANY software for that matter, then there is an OS problem.
Safari isn't just a user mode application. The only reason it's on windows is part of an itunes installation, which includes several services which run in the background with SYSTEM privileges.
Since the flaw isn't clear yet, it's all speculation at this point.
If Apple wrote iTunes, then why does it suck so much?
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
WTF?
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
At about 100 pixels per inch, that's about 180,000 inches. That's almost 3 miles. Also, if the image is 200 pixels across, you have 3.6 billion pixels. At three bytes per pixel (RGB), that's over 10 billion bytes. That's more than most people have in RAM plus swap. Shouldn't something check to see if the computer can handle such a request
Use Opera to be safe from this, but only 4 Safari webbrowser so far is "vulnerable" to this, afaik too...
* Opera's got controls for any aspect of a webpage pretty much from its built in options (better imo than other webbrowsers by FAR) inclusive of the attack mechanism in iframes usage here (though it's only Safari from Apple that has the issue).
(OPERA ROCKS!)
APK
P.S.=> GET Opera 64 bit for Windows here -> http://dev.opera.com/articles/view/64-bit-opera-and-out-of-process-plug-ins/ (great 1st round port alpha only but is decent - can't WAIT to see/have final Opera 12 optimized & ready (which imo, shouldn't be long, this rounds THAT good))...
... apk
Shouldn't something check to see if the computer can handle such a request
Yes, the Operating System - the thing that manages the hardware of the computer.
Having said that, there's nothing wrong with user-mode programs also doing sanity checking - defense-in-depth and all.
*grumble grumble*
Of course it does. It's part of MS's plan to bring the "bang" back into C++. All this nonsense about buffer overflows and what not, that's just the managed code people trying to keep good programmers from realizing the speed and efficiency of a good, tightly written C++ program, which can compromise your machine in 10 seconds flat.
I have frequent, unkind thoughts for a company that scuttled a good migration to a nicer programming experience.
How about, instead of Windows 8, you finish the code migration? 7 will tide us over for another several years.
I am John Hurt.
7 people.
I've been working on a (God help me) PHP implementation of a CalDav client for Davical, and Safari is one of the five or so browsers I've been testing it on.
I am John Hurt.
iTunes ain't done 'till Windows won't run.
win32k.sys is not an NVidia driver.
Nvidia's crashes Firefox and Creative's kill my machine with IRQ errors.
Sorry. Slashdot had some wonderful UI changes again such that your parent post didn't show up at all (on the main comment page in TFS).
I would be very worried about any user mode code that can blue screen the system.
The bluescreen is simply an indication kernel mode state is horribly inconsistent. Whatever the code was able to do to corrupt OS state, there is a good chance this could be used as an attack vector.
Making an application crash is often the point of discovery of new exploits.
Admittedly, I don't know the security model too well. But how does Windows know that the instructions coming from Safari are Good or Evil?
Don't worry, he [thinks he] is one of God's Christian soldiers.
What ? How do you propose the OS know whether or not Safari is running "arbitrary" code ?
Intel or AMD?
If Apple wrote iTunes, then why does it suck so much?
THIS! For the love of God - THIS!
Just as I have before when the C&C servers for it, or domains foisting attack code on users, are known.
An "e.g."/Case-in-point where I have done so before:
---
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128
---
* Want more?
APK
P.S.=> I never, EVER, "lose my touch" (especially vs. ac trolling/stalking cowards like yourself that stalk me here endlessly only to end up making ME look good as per usual)...
... apk/b
Nah, when it's a privilege escalation bug exploitable through a web browser in iOS we just call it "unlocking" the phone.
--Jeremy
Jesus was a liberal
Were systems breached here running Windows in 2011?
KERNEL.ORG COMPROMISED:
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
Linux's showing in CA's breached recently too? Ok:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
http://uptime.netcraft.com/up/graph?site=www.gemnet.nl
The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:
http://itproafrica.com/technology/security/cas-hacked/
&
http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811
---
Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?
You get the picture...
* TOP THAT ALL OFF W/ DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS, PER THIS ARTICLE (very recent):
http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers
APK
P.S.=> Linux Security Blunders DOMINATE in 2011, despite all /. "FUD" for years saying "Linux = SECURE" (what a crock of shit that's turning out to be, especially on ANDROID)
... apk
Were systems breached here running Linux in 2011?
http://it.slashdot.org/story/11/12/21/1918240/new-remote-flaw-in-64-bit-windows-7
And the now obligatory link (valid both for Windows and Linux) :
http://en.wikipedia.org/wiki/Correlation_does_not_imply_causation
Were these systems breached in 2011 running Linux? Yes or No will do as your answer:
KERNEL.ORG COMPROMISED:
http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised
---
Linux.com pwned in fresh round of cyber break-ins:
http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/
---
Mysql.com Hacked, Made To Serve Malware:
http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware
---
Linux's showing in CA's breached recently too? Ok:
http://uptime.netcraft.com/up/graph?site=StartCom.com
http://uptime.netcraft.com/up/graph?site=GlobalSign.com
http://uptime.netcraft.com/up/graph?site=Comodo.com
http://uptime.netcraft.com/up/graph?site=DigiCert.com
http://uptime.netcraft.com/up/graph?site=www.gemnet.nl
The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:
http://itproafrica.com/technology/security/cas-hacked/
&
http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811
---
Toss ANDROID (yes, a Linux since it uses a Linux kernel) in also, since it's being "shredded" on the mobile phone security-front rampantly for years now?
You get the picture...
* TOP THAT ALL OFF W/ DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS, PER THIS ARTICLE (very recent):
http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers
APK
P.S.=> Linux Security Blunders DOMINATE in 2011, despite all /. "FUD" for years saying "Linux = SECURE" (what a crock of shit that's turning out to be, especially on ANDROID)
... apk
If Apple made OSX from FreeBSD(which rocks), why does it suck so much?
Just tried this on Chrome, and the exploit worked. It doesn't seem to work on Firefox, though. Maybe it IS a WebKit bug...
This is not a Safari bug, any Webkit browser can exhibit this easily, as can ANY Windows component that renders Windows controls. The bug is actually in the GDI rendering engine in the kernel, when it applies a NineGrid transform. See this analysis: http://pastebin.com/XTWnLF3p
Were these systems breached in 2011 BECAUSE they were running Linux ? Yes or No will do as your answer:
NO (see, simple answer troll), none of them, and you know it.
Was TFA's flaw because it was running windows ? AFAWCK not really either, it's still a matter of discussion between experts, but as long as only Safari is concerned, it looks more of a Safari bug to me. When this can be exploited otherwise and not only through Safari, then maybe it could be because of windows kernel, still a matter of discussion between actual experts, certainly not you or me.
So be quiet, sit and watch until you get your PhD in Computer Science instead of spreading FUD on linux and shame on Windows other users (users who really don't deserve to be "represented" by a useless piece of trollshit like you).
Ur asked if systems breached in 2011 listed here run Linux http://it.slashdot.org/comments.pl?sid=2585524&cid=38462240 n' 4U 2 answer yes or no, that's all. Should be simple. That is, unless ur tryin 2 hide something, haha.
QUESTION: Did systems breached in 2011 run Windows here? http://it.slashdot.org/comments.pl?sid=2585524&cid=38462240 or did they run Linux?
I mean, lol, it doesn't get any simpler or more specific than THAT, haha, that is unless you're as was said, "hiding something", etc./et al, lol!
* Perhaps rephrasing the question per my subject line above, & maybe THAT way will get a simple YES or NO answer from you...
Prying a simple yes or no from you for "some reason" lol, seems to be a problem for you here... why's that?
(I.E.-> Your dull brain will have realized that you've been maneuvered like a pawn into a simple question you refuse to answer, phrased either way... lol!)
I tell you readers: My AC stalker trolls are just (you KNOW I just gotta say it) "too, Too, TOO EASY - just '2EZ'" to blow away with facts & logic, everytime...).
Me?
I love it - makes me look good without breaking a sweat!
APK
P.S.=> Yes or no to the above (or were they running Linux, not Windows & got breached? "Inquiring minds want to know")... apk
More details now available:
http://pastebin.com/XTWnLF3p
https://twitter.com/#!/aionescu/status/149818580471517184
Running Windows here? YES or NO -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38466132 per my subject-line above...
(LOL, my ESP is on "high intensity" tonite, & "thus", lol - I predict MORE evasions from the ac stalker troll..., anyone want to bet against me? LMAO! So far the odds are with me what? 5++:1 of his evasions, perhaps 6 already? ROTFLMAO...)
* Trolls - especially the ac stalker troll types? Man... they are just TOOOO easy to "route", especially the "Pro-*NIX" penguins, once you get them maneuvered into a corner on a simple YES or NO answer question... lol! Evasions, abound... lmao!
APK
P.S.=> This? Man... you know: This was just "too, Too, TOO EASY - just '2EZ'", as usual... lol!
... apk
(LOL, my ESP is on "high intensity" tonite, & "thus", lol - I predict MORE evasions from the APK runaway troll..., anyone want to bet against me? LMAO! So far the odds are with me what? 5++:1 of APK's evasions, perhaps 6 already? ROTFLMAO...)
* Trolls - especially APK? Man... they are just TOOOO easy to "route", especially the "Pro-BS" APKs, once you get them maneuvered into a corner on a simple YES or NO answer question... lol! Evasions, abound... lmao!
(not) APK
P.S.=> This? Man... you know: This was just "too, Too, TOO EASY - just '2EZ'", as usual... lol!
... (not) apk
YES or NO: Were systems breached in 2011
YES :-) many "systems" were breached in 2011, Windows ones (MILLIONS**), linux ones (a few dozens ?), OSX ones, iOS ones, Androïd ones, Symbian ones (and APK's one of course, since none of his BS protections protect him against new threats) ... Most of them were NOT breached BECAUSE they were running the OS that they were running (but you keep evading that FACT, because you're a FUD-spreading troll :-) ).
....
:-p
So I answered your offtopic question (thrice already), will you answer ours (ontopic) ? (no you won't, you'll keep evading as usual)
**NB: MILLIONS of Windows system were breached, but contrary to you, I don't imply that they were breached BECAUSE they were running Windows (although some were, the flaw of this article might arguably be an example of that). You're a several-times debunked troll and I will prove it again and again and again
Your ass must be a ruin after being kicked soooo many times APK. Does it hurt ? or do you like it ?
Yeah ! nailed it ! Since you always come back asking for more ass-kicking I'm now sure you love that ! you silly SM-loving FUD-spreading troll
Guess you had your orgasm twice already ? didn't you ? want more of it ?
QUESTION: Were systems breached here running Windows? -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38462240
* YES or NO answers are all that is required...
APK
P.S.=> It's funny watching penguins perform "evasive maneuvers" to avoid answering a simple YES or NO answered question, lol... apk
Yeah sure, keep evading obvious troll :-)
... although since you seem to barely understand the fundamental of English grammar and words' meanings, I'm not surprised
:-)
We answered your question, 4 times now, still no answer from you, as predicted
Merry Xmas APK
Yes apk. System breached in 2011 were running Linux here http://it.slashdot.org/comments.pl?sid=2585524&cid=38462240
Can you also PLEASE learn to command written english properly also?
I mean, look at this mess quoted from you next below troll, it's pitiful ("linux insecure" & lol, "MySQL injections"?? Please, lol):
"all his crap about linux insecure because of MySQL injections" - by Anonymous Coward on Thursday December 22, @01:04PM (#38461498)
CLUE/New NEWS/NewsFlash: There's no such thing as "MySQL injections", lmao, you dolt... lol!
APK
P.S.=> Thanks for ADMITTING finally that Linux systems were indeed, breached & badly... Especially in 2011 here & rampantly -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484900 Very BAD breaches too, no less (Linux sourcecode repository, lol, & the 5 CA's that handle SSL/ecommerce/online banking etc.).
... apk
ahahahahah, oh my belly ache. APK you didn't put an 's' to System, so you APK are publicly admitting that only ONE single linux system was breached in 2011 compared with MILLIONS systemS breached in 2011 that were running windows.
:-D
... we know were you live
;-) )
Oh Peter, my love, you're so hilarious, I'm pissing in my pants because of you now
I think we should meet someday, after all
(in your mommy's basement
1. Can you please learn to write English properly, you illiterate little troll ? (12-year old, uh ?)
2. You posted that comment (you made your classic grammar mistakes), which proves once again that you're a troll (but hey, YOU PUBLICLY claimed and gave PROOFS that you were a multi-banned troll, so why should we be surprised)
3. I'll honestly admit that I made a typo about SQL injections vs. MySQL injections (though there are SQL injections specific to MySQL) but the SQL backend used WAS MySQL you idiot, and the injection was the cause of the breach. MySQL and SQL injections being OS agnostic (as any person with even a tiny bit of understanding of computer should know, i.e. not you) this was not a linux breach. (and I WILL say the same to anyone claiming "OMFG a windows machine was breached" under these exact same circumstances)
4. Where is your PhD in computer science ?
QED, APK's ass kicked
Hahaha & u tell others how to write? I can't take laughin so much!
You wrote about it here http://it.slashdot.org/comments.pl?sid=2585524&cid=38461498 doubtless used against shoddy Open SORES wares (seeing how much Linux was breached in 2011 here http://it.slashdot.org/comments.pl?sid=2585524&cid=38461846 , especially android in the news daily), hahaha.
Sure keep evading our FACTS you silly nitty SM-lover :-)
It only proves more and more that you're just a bunch of kids trolling on slashdot, and not an actual being.
APK doesn't exist: PROVEN FACT !
An imaginary threat that DOESN'T EXIST that you made up (lol)...
APK
P.S.=> To anyone reading: The ac stalker troll of mine's big on making up things that don't exist to fit his "phantasy land" world he lives in, lol... just like "mySQL injection"!
... apk
Oh come on. Is that the best you've got APK ? quibbling over two letters ?
told you what I meant: SQL injectons and I made an honnest typo, that I admit
fact is that if YOU consider I'm talking about (my :-p)SQL injections, all your arguments about linux breached fall flat on the ground and you'll look like a fool or like what you are: a troll
Thanks for making my point obvious
"told you what I meant: SQL injectons and I made an honnest typo, that I admit" - by Anonymous Coward on Wednesday December 28, @10:22AM (#38515084)
What's "honnest", lol? Let me guess: "Trolllanguage"?? LOL, i.e.-> Code to summon other trolls, or something like that? Hahaha... honest I am laughing bigtime now.
* See subject line above, & this -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964... lmao, for a good laugh!
APK
P.S.=> "I rule..."
... apk
honnest = help online now need extra stalker trolls in trollanguage
In my case specifically w/ ac stalker trolls that hound me here, honnest = "he's online now need extra stalker trolls"
APK
When APK gets bored, I guess this is what he does. I'm reasonably sure that very few of these "anonymous" posts were not simply him replying to himself. What a loser. by Anonymous Coward on Friday December 30, @10:20AM (#38538420)
So u're APK replying to himself?
"As a matter of fact, no; my house (which I paid cash for, and significantly more than your paltry $1) does not even have a basement." - by Anonymous Coward on Saturday December 31, @10:22AM (#38548120)
Prove that you own a home of your own then... it's pretty simple!
* You KNOW I own my own place paid for in full, so, what's your point? Mine's that you prove your words now... go for it!
(I'd wager you don't & the "$1" part? That's for taxes... you obviously haven't purchased a home IF you don't know that much!)
APK
P.S.=> He'll "run/evade" to NO end, as-per-his ac stalker usual... apk
Nah. Unlike you, I don't feel the need to jump whenever some idiot on the internet says "Jump!".
"Nah. Unlike you, I don't feel the need to jump whenever some idiot on the internet says "Jump!"." - by Anonymous Coward on Saturday December 31, @11:46AM (#38548758)
No, in YOUR case, as I stated it would be? You RUN/EVADE questions instead... lol!
* Funniest part is, you DID EXACTLY WHAT I SAID YOU WOULD - you evaded the question & RAN!
U FAIL!
(You did so, "jumping' right through the hoop as commanded" & in EXACTLY the way I said you would in my 'prediction' earlier, lol... which is based on much experience with your feeble off-topic illogical weak ad hominem attacks attempts on myself I turn aside just as I have now... lol, making you RUN/EVADE questions you have put to myself numerous times to which I provided the asked for information with proofs from reputable sources for it... the very thing YOU CANNOT PRODUCE for yourself when asked the same questions, lol...!)
Does you in, easily, every time too... lmao! When will YOU ever learn you don't possess the intelligence, accomplishments, or background necessary to "take me down"?
APK
P.S.=> Ah, man... you KNOW I've just GOTTA SAY IT, as-is-per-my-usual inimitable style:
This? This was just "too, Too, TOO EASY - just '2EZ'"
Simply because you did EXACTLY what I said you would do, just like a well-trained pet would (run fido, RUN, lol) - I know YOU, better than YOU KNOW YOURSELF by now!
It's really simple to do also: I always make you RUN/EVADE questions, easily, every time you ac stalk/harass/troll me, & using your own methods against you (very simple), because I KNOW you'll run/evade certain questions, without fail (it's hilarious)...
... apk
Matter of fact, I'll tell you what. Only if you prove to me that you have that sports car you've claimed to have, then I'll reciprocate: I'll prove that if I wanted to I could buy it from you, cash, on the spot. Say, a photo, with you in it (I'll recognize you, naturally), in your driveway, with your house (I'll recognize that too, naturally), and the car. I'm sure you can find plenty of free image uploading sites and post a link.
You can probably see it on GOOGLE earth (I'll save you the trouble of giving me some temporary throw-away email account) next to my home.
The point here's simple though, as the "bottom-line" here: You demand proofs of others, but when the same's asked of you? You RUN!
(This only shows anyone reading that though you demand proofs of others, you cannot produce proofs of your doing the same OR BETTER, & that makes you a b.s. artist talking out his behind).
* There's little point continuing this with you @ this point other than to tell you that I feel you must have a MISERABLE LIFE if all you do is stalk, harass, & troll others online...
APK
P.S.=> The part I don't mind though when you do it to me is that you always make some huge blunder that ends up making me look good though, like you running away from proving you have a degree, a home, or anything else you asked of myself now, or in the past...lol!
... apk
You don't reciprocate (you RUN from questions on proof you have a degree, a home of your own paid for in full, more/earlier/better accomplishments in Comp. Sci. related areas than I, etc./et al (the things YOU attempt to ad hominem attack ME on, & you fail each time due to facts I post substantiating proofs via my rebuttals to your weak illogical off topic b.s. every time with, no less))...
* Plus, I have posted images of my vehicle online before (so go find 'em)...
APK
P.S.=> Lastly, as I said before earlier to you: You're nothing more than an off topic illogical ad hominem attack attempt using troll (which I turn aside with ease every time you try this, lol, & with facts) - you're not worth any efforts on my part, whatsoever....
... apk
http://it.slashdot.org/comments.pl?sid=2585524&cid=38566080
APK
LMAO -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
APK
P.S.=> Ahem, lol: Before you call others fools, take a GOOD LOOK @ YOURSELF above (quoted there, you make yourself out to be the biggest FOOL of all, as well as an off-topic illogical weak ad hominem attack attempting & failing online stalker troll complete with major obsessions with myself "issues")...
... apk
http://it.slashdot.org/comments.pl?sid=2585524&cid=38572128
APK
P.S.=>
"I jumped into this tag-team-apk-troll long after that MySQL comment was posted." - by Anonymous Coward on Tuesday January 03, @11:10AM (#38572816)
Sarcasm -> "Sure you did..." LMAO (b.s.) - You "F'd-Up" there, & just can't admit it, lol...
... apk
http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
APK
P.S.=>
"We are anonymous; we are legion. Claiming that one Anonymous Coward is the same poster as another Anonymous Coward just continues to make you "look the fool"." - by Anonymous Coward Who told us about "MySQL Injection", lol on Tuesday January 03, @01:03PM (#38574358)
Correction: You are ANONYMOUS COWARD. You are NOT LEGION. Claiming that YOU, Anonymous Coward, are the same poster as the other AC's continues to make YOU "look the fool", by telling us about "MySQL Injection" (lmao)...
... apk
Claiming that YOU, Anonymous Coward, are the same poster as the other AC's
I claimed that I am NOT the other AC. Get your story straight, you just made yourself look even MORE "the fool", LOL.
"I claimed that I am NOT the other AC." - by Anonymous Coward The "master of MySQL Injection" (LMAO) on Tuesday January 03, @02:40PM (#38575642)
Evading questions again? What's this on "MySQL Injection", lol -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
APK
http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
APK
P.S.=> Care to tell us more about this "new term" you've coined? ROTFLMAO...
... apk
"You're an idiot." - by Anonymous Coward on Wednesday January 04, @06:13AM (#38583436)
Perhaps, butI'm NOT THE IDIOT talking about "MySQL Injection", lmao - YOU ARE!
APK
P.S.=> Toss all the names you want to in your effete off-topic illogical ad hominem attack attempts, ac stalker troll, but the fact remains YOU BLEW IT (lol, "MySQL Injection")...
... apk
Here it is -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38583912 where you "paint a picture" for us all of how truly foolish you are.
APK
P.S.=> And of course this too -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
... apk
Looks like you I addressed here -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964 no denying it, ac stalker troll - you were caught quoted there...
APK
P.S.=>
"Actually, yes, you are the ONLY idiot talking about that. I never was. You STILL are." - by Anonymous Coward on Wednesday January 04, @09:51AM (#38584706)
Well, I can't help it - YOUR "MySQL Injection"'s VERY FUNNY!... apk
Sarcasm "Oh, sure, I believe u" (not). Now tell us about "MySQL Injection" (lol).
After all - YOU 'coined' that "new security term" (lol, NOT)...
APK
P.S.=> Good read here:
http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
"Drink it in, & DIGEST it" (because you're eating your own words in it, after you stuck your foot in your mouth & it's also got the 'added spice' lol, of "the bitter taste of defeat" mixed in, hahaha - But, where are my manners here? "ENJOY YOUR MEAL", lol, & YOU are the cook too who prepared it, I just "served it up" to you, lol, easily (picture me as Clint Eastwood riding away now in "High Plains Drifter" -> http://www.youtube.com/watch?v=-PBNRwcBOuk&feature=related riding away victorious, as per my usual... ))... apk
LMAO -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964
ROTFLMAO -> http://it.slashdot.org/comments.pl?sid=2585524&cid=38484964