Slashdot Mirror


Hot Potato Exploit Gives Attackers the Upper Hand On Multiple Windows Versions

An anonymous reader writes: By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows. The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000. Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges. All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

127 comments

  1. Was bound to happen... by __aaclcg7560 · · Score: 2, Funny

    Mr. Potato Head has gone to the dark side, becoming Hot Potato and joining forces with Evil Bernie and Evil Ernie to rule the world. One Windows machine at a time.

    1. Re:Was bound to happen... by Nyder · · Score: 1

      Mr. Potato Head has gone to the dark side, becoming Hot Potato and joining forces with Evil Bernie and Evil Ernie to rule the world. One Windows machine at a time.

      https://en.wikipedia.org/wiki/...

      --
      Be seeing you...
    2. Re:Was bound to happen... by __aaclcg7560 · · Score: 1

      I meant the gang from Sesame Street.

      https://i.ytimg.com/vi/E97Pg6YuOqk/hqdefault.jpg

    3. Re:Was bound to happen... by Black+LED · · Score: 1

      I don't know about Ernie, but Bert has been a known evildoer for a long time

    4. Re: Was bound to happen... by Anonymous Coward · · Score: 0

      Bert != Bernie. Otherwise, people would instantly get the joke.

  2. So last week by Anonymous Coward · · Score: 0

    I released a major exploit called Sweet Potato

    1. Re:So last week by Anonymous Coward · · Score: 0

      Runs on a Pi, right?

    2. Re: So last week by Anonymous Coward · · Score: 0

      Fail. It runs on a CHIP.

    3. Re:So last week by Anonymous Coward · · Score: 0

      I just released a huge exploit too, but now I think my toilet's broken...

  3. Same old, same old, same old by Anonymous Coward · · Score: 0

    That is probably the best way to describe it.

  4. And, Suddenly... by Anonymous Coward · · Score: 1, Funny

    Thousands of slashdotters have a simultaneous joygasm.

  5. because in windows broken security is a feature by Anonymous Coward · · Score: 0

    >by patching them, the company would effectively break compatibility between the different versions of their operating system.

    because in windows broken security is a feature

    1. Re:because in windows broken security is a feature by chipschap · · Score: 2

      >by patching them, the company would effectively break compatibility between the different versions of their operating system.

      Since when did MS seriously worry about compatibility between versions? They're trying to force everyone onto W10 and who cares what breaks ... !

    2. Re:because in windows broken security is a feature by suutar · · Score: 4, Informative

      They put a lot of effort into backwards compatibility in each version. They've been known to create "shims" to duplicate previous undocumented/buggy behavior that a particular app depends on that get loaded for just that app, because they know that if you update windows and your app stops working, it's not the app using unsupported functionality that's gonna get blamed.

    3. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      Actually to maintain a lack of security in Windows is backwards compatibility.

    4. Re:because in windows broken security is a feature by phantomfive · · Score: 4, Interesting

      Since when did MS seriously worry about compatibility between versions?

      They made a huge effort in Windows 95. You can read about it here (though they've changed somewhat too). Quote:

      Raymond Chen writes, "I get particularly furious when people accuse Microsoft of maliciously breaking applications during OS upgrades. If any application failed to run on Windows 95, I took it as a personal failure. I spent many sleepless nights fixing bugs in third-party programs just so they could keep running on Windows 95."

      --
      "First they came for the slanderers and i said nothing."
    5. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 5, Informative

      They put a lot of effort into backwards compatibility in each version.

      That's an urban legend. When I worked there, I didn't hear of any effort at all made for backwards compatibility, except for a few tools we used internally. We just didn't give a damn about it, and that's why Windows is so horrific at it.

      For example, the company I work for now uses 29 pieces of official software, and 26 of them have at least minor problems on Windows 7 or newer. They all work fine on Vista, so we're stuck with Vista. We've even offered a bounty* for anyone that can get Lotus 2.3 to run. On Windows 10, when you run 123.EXE, it displays the message "This app can't run on your PC." Even right clicking on the file in Exploder, Properties, Compatibility tab, Compatibility Mode then Windows 95 doesn't help. That option doesn't seem to do anything on the ~50 different programs I've tried it on. Microsoft doesn't give a damn about backwards compatibility.

      * We have six hundred thousand legal documents in Lotus that we can't convert to other formats because there are just too many paging and formatting problems. OpenOffice is damn good, but it isn't perfect. Obviously with that many files and with having to run Vista or older on all of our computers means we're willing to pay quite a stiff bounty to anyone that can help us solve this Microsoft-created problem without resorting to running a vm.

    6. Re:because in windows broken security is a feature by Etherwalk · · Score: 2, Insightful

      Microsoft doesn't give a damn about backwards compatibility.

      No doubt that's why we can still use the same API calls sixteen years later...

    7. Re:because in windows broken security is a feature by Archtech · · Score: 1

      They put a lot of effort into press releases, brochures and presentations about backwards compatibility in each version.

      FTFY.

      --
      I am sure that there are many other solipsists out there.
    8. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      Shouldn't Windows Update just look for a newer app version and update it so it works?

    9. Re:because in windows broken security is a feature by epine · · Score: 1

      Since when did MS seriously worry about compatibility between versions?

      Q: Since when did abattoirs care about inducing stress in doomed cattle walking the ramp?

      A: Ever since Temple Grandin showed them it was the easiest way to get the cattle to enter the building with the least effort in the most desirable condition.

      I've been following Microsoft since forever.

      True story: I went to a local homebrew meeting in the late seventies (I live on the Canadian side of the Pacific Northwest) and people were muttering already (during an especially boring presentation) about this kid in Seattle who had already made himself a MILLION dollars.

      Bill, being somewhat autistic himself, fully understood everything Grandin knows about cattle from day one.

      Microsoft has devoted more gut-busting work behind the scenes into greasing the skids of eternal lock-in than any other computer company that has ever existed.

      The problem they create for themselves in this regard is almost impossible to truly fathom. The "choke off the competitive air supply" side of their business model means rushing into every burgeoning market with the shallowest piece of shit that ticks boxes. How they even manage to back-fill these products to the state of "almost works" lies well beyond my technical comprehension.

      Make no mistake about it, Microsoft is the gemstone-encrusted Swiss watchmaker of the polished turd.

      The reason Microsoft talks about "innovation" until they are blue in the face is because they really don't want to talk in public about the technically daunting process by which their sausage is actually made.

    10. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      > They made a huge effort in Windows95.

      There were no Windows 2 programs that would run in Windows 95, most of them worked fine in Windows 3.x. I had to keep a version of 3.11 running for a Windows 2 program that there was no useful replacement for.

      When the early versions of Windows 98 were being user tested there was no DOS box, it had been removed. This was universally rejected so MS had to delay release while it put back DOS compatibility.

    11. Re:because in windows broken security is a feature by phantomfive · · Score: 1

      Yes, it is worth remembering that the entire reason Microsoft included backwards compatibility was because users demanded it.
      The reason OS/2 failed is because it didn't include backwards compatibility, despite being a better operating system.

      --
      "First they came for the slanderers and i said nothing."
    12. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      They put a lot of effort into backwards compatibility in each version..

      Yes, in 1995. Your information is a bit out of date. Well, twenty years out of date.

      At my company, we have three programs our customer services reps use constantly. All three work fine under Vista, but do not work at all with 7 or newer even when setting the compatibility settings, which seem to do nothing in 10.

    13. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      I wish they would document their work so that when the application's functionality is dependent on a single user setting, the customer wouldn't have to search the whole visible internet for a solution.

    14. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 1

      That's an urban legend. When I worked there,

      You are using appeal to authority and you are not doing a very good job at it.

      CD C:\windows\WinSxS

      Dir *CRT*

      That whole directory is *designed* for backwards compat. If you fire up windows 7 and fully patched you can see no less than 3 full copies of media player.

      To get 123.exe to work on windows 10 will take a bit of work and a bit of copying. You need the old DLLs and a manifest. You will need something like dependency walker and something like process explorer. Use that on the old copy of vista. Then write down which DLLs are running there. Then copy them to the same directory as 123.exe. The method that loads up DLLs looks to the local dir first then to the path. In the background the winsxs is tricking your app into running other things from the path. You're welcome, go claim your bounty.

      Microsoft doesn't give a damn about backwards compatibility.
      That could be more true now. But https://blogs.msdn.microsoft.c... where he talks about security ABOVE backwards compat.

      Win10 does seem to be missing lots of the older DLLs. That is a *good* thing. But the older DLLs do work. It is going to take a bit more work though.

    15. Re:because in windows broken security is a feature by Scoth · · Score: 4, Interesting

      I'm going to stay away from ad hominem, because it's not useful, but you pretty clearly haven't done even a little bit of research into the problem. If you get that error running a DOS program, you're likely trying to run it on a 64-bit version of the OS. This is a well-known issue (if you even want to call it an issue, because it's advertised as such) and the compatibility modes are only for 32-bit Windows programs. If the rest of your 50 programs are also DOS, I'd expect as much.

      If you need to run a DOS application, and a VM isn't an option, use a 32-bit version of Windows 10. For funsies I found a copy of Lotus 1-2-3 (2.2, as it happens, because that was what I had handy. I don't expect 2.3 to run differently) and tried it on my 32-bit Windows 10 laptop and it ran fine. Even ran in a window.

      Drop me a line and I'll be happy to claim my bounty ;)

    16. Re:because in windows broken security is a feature by Barlo_Mung_42 · · Score: 1

      So it sounds like you didn't work in the app compat group. MS is a big beast of an organization so it's forgivable to not know everything. They do have an entire group devoted to this. That's what the whole compatibility mode is for.

    17. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 1

      really? Lotus 1-2-3 2.2 runs fine in dosemu on Linux - earlier versions had copy protection on disk and won't run without hardware but 2.2 onward should run without copy protection

      pay bounty money to get someone to port spreadsheet to 21st century...!

    18. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      Aren't all those developers dead of old age or something? I mean, how is that relevant today?

    19. Re:because in windows broken security is a feature by NormalVisual · · Score: 1

      That's an urban legend. When I worked there, I didn't hear of any effort at all made for backwards compatibility, except for a few tools we used internally. We just didn't give a damn about it, and that's why Windows is so horrific at it.

      I guess the former co-worker that previously wrote shims at MS all the way up until she left there in 2012 was all in my imagination, then.

      --
      Please stand clear of the doors, por favor mantenganse alejado de las puertas
    20. Re:because in windows broken security is a feature by Gr8Apes · · Score: 2

      I can tell you I couldn't use 2008 "legacy" API calls in 2008R2, so I call bullshit.

      --
      The cesspool just got a check and balance.
    21. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 1

      Funny. Windows 95 drivers that refused to install due to an OS version check in the installer worked perfectly fine after switching compatibility mode on... and Win7 having a WinXP virtual machine seamlessly built in ... but I guess your one instance means they don't care at all.

    22. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      app app appity app, how about some apps? god i hate that word, shows how lazy the world has become, what happened to programs and software, all appity now, do you have an app for your software?

    23. Re:because in windows broken security is a feature by sjames · · Score: 1

      Score one more for MS

    24. Re:because in windows broken security is a feature by Dog-Cow · · Score: 1, Flamebait

      For all those idiot shit-faces moderating this Informative, try reading "The Old New Thing" blog by Raymond Chen. He actually works for MS, and he details many instances of Windows backwards compatibility work.

    25. Re:because in windows broken security is a feature by nomentanus · · Score: 2

      Thanks for filling the previous poster in, but that rather highlights a real problem: Because this is where Windows really shines - messages that don't give you a hint about how to proceed, where to find more information, which program even posted the message or wants permission, or posting notices underneath windows, unseen.

    26. Re:because in windows broken security is a feature by Dog-Cow · · Score: 0

      You can have all the bullshit you'd like. Given your absolutely vacuous claim that holds no water, I'm guessing BS is your preferred medium.

    27. Re:because in windows broken security is a feature by thegarbz · · Score: 1

      That's an urban legend.

      There was a code leak from Windows about 5 years ago that was very heavily analysed. Among the discoveries was that the coding style was very neat and convention quite good, comments were average, but among the leak were several such "urban legends" intended to ensure a software update kept certain programs working, one of them even called out a specific Symantec product in the comments.

    28. Re:because in windows broken security is a feature by thegarbz · · Score: 1

      messages that don't give you a hint about how to proceed

      The modern message does.

      This app can't run on your PC
      To find a version for your PC, check with the software publisher

      Which is quite accurate. It won't even run in that configuration so the obvious answer is to check with the maker of the software and find a version that does work, not changing the OS. A more verbose error message describing the bits of the software and the bits of the OS is not going to be of any use to 99.999% of windows users out there.

      Windows 7 actually had a very VERY long error message complete with information about the 32bit or 64bit version and asked users to check their System Information whatever the heck that is ... It's too hard. "Your software is ancient talk to the vendor" is the appropriate response. It's up to the vendor to answer those kinds of questions.

    29. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      I would pay a bounty if I could erase your engrish from the face of the earth

    30. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 1

      Lotus 2.3 is old. Really, really old. As in 1991 old. We are talking about the DOS version, right? Didn't Lotus go straight to version 4 on Windows? I don't remember exactly... I never worked in a Lotus shop. There are versions released for windows into the 2000's, with support ending a couple of years ago. I'm going to go out on a limb and ask if you've tried updating to those versions? In theory you could chain together a series of format conversions to get to a modern spreadsheet - like Excel or Open Office.

      Alternately, running dedicated instances under VMware to get app-specific backward compatibility might work.

      Sticking with 25 year old versions of software for mission critical applications sounds like a really, really bad idea. I'd say that paying to fix up any formatting problems every time you need to touch one is a better option than keeping around Vista for your entire network. Or failing that, setting up a dedicated box (or boxes) for people to remote into whenever they need one of the offending docs. Allowing people to open, update and save changes in a 25 year old version of Lotus just feels like a huge mistake. "Resorting to running a VM" isn't that big of a deal. Certainly not nearly as big of a deal as keeping an entire company locked into an obsolete version of the OS for .... well, I was going to put "forever", but realistically it should be "until the inevitable crash that either forces a painful and expensive upgrade or bankrupts the company".

      I don't envy you the task. It sounds very much like an old circus act keeping a bunch of plates spinning.

    31. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      Windows 7 actually had a very VERY long error message complete with information about the 32bit or 64bit version and asked users to check their System Information whatever the heck that is ... It's too hard. "Your software is ancient talk to the vendor" is the appropriate response. It's up to the vendor to answer those kinds of questions.

      And this, boys and girls, is why we're currently on the downward spiral that is "tablet" computing, gnome 3 etc, where everything is obviously too difficult for someone, so no-one will have any option to do anything really, and God forbid they'd receive any information about that.

      Case in point. I previewed a Word document on my iPad in the car the other day from the gmail client, and wanted to open it in pages to put in a few annotations. But of course Google removed the possibility to "open with something else" a couple of versions ago, since their own preview managed to view documents fine. And viewing is all you'd ever want to do with a document. Goes without saying. So it turns out that saving it in google docs is supported, and from google docs you can export it. Need internet everywhere, even when the file is already on the iPad, but what the hell. It was at least, after a bit of googling, possible. I assume that "hole" will be plugged in the next release.

      If you build stuff for complete idiots, only idiots will ever use it.

    32. Re:because in windows broken security is a feature by Scoth · · Score: 1

      Lotus 1-2-3 2.x is a DOS application. There're no DLLs, manifests, etc except for NTVDM, which as we already know doesn't exist in the 64-bit Windows world and as far as I know no one has hacked in. It'll need to be run either in a VM (whether a "light" one like DOSBox or a full one like VirtualBox or VPC) or on a 32-bit version of Windows, where it'll run just fine as-is.

    33. Re:because in windows broken security is a feature by Scoth · · Score: 1

      This is a tough balance to find, and one you often see Slashdotters (such as the post below this currently) erring on the wrong side because we like verbose error messages that tell us exactly how to fix things. Whether we like it or not, computers are used by far more Joe Users than geeks, and being told to check system information because they may need x86 or x64 is only going to lead to the "Computers are hard, I'll never figure them out" thought. I've seen a lot of discussion on oldnewthing and similar about whether an operating system should have an "advanced mode" that includes more detailed errors and such, but in general the risk of someone who shouldn't be in there getting it turned on is deemed a risk.

      I don't claim to be a UI designer, so I don't really have a solution. My attempts at little webapps and things for work have mostly been middlin' at best, interface wise :)

    34. Re:because in windows broken security is a feature by Gr8Apes · · Score: 2
      --
      The cesspool just got a check and balance.
    35. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      eh but he worked there! how could he possibly be wrong! they even had a bounty!

      you're helpful and all but it looks like you're answering to problems that never existed in the first place, especially because the solution is contained in the first result for 'running lotus windows 10'

    36. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      According to the 2nd reply on this thread you can run Lotus 123 in DosBox on Windows 10:
      http://wikipost.org/topic/0C6H...

    37. Re:because in windows broken security is a feature by Anonymous Coward · · Score: 0

      opening and converting lotus 123 for conversion to better formats is simple. If I could contact you I could help with your six hundred thousand document conversions.

    38. Re:because in windows broken security is a feature by scriptfoo · · Score: 1

      If you haven't tried already, use a 32-bit version of Windows 7 or Windows 10. It's likely that "123.exe" is a 16-bit application. Alternatively, with Windows 7 you could use XP Mode; its integration feature allows you to create a desktop icon in the host OS. Downside to XP Mode is it's per-user set up and it isn't available in Windows 8 and later. Another option is DOSBOX.

  6. I really feel sorry by present_arms · · Score: 1, Troll

    I really feel sorry for those locked in to that OS, every day it seems there is a new problem with their security, and maybe MS should break backwards compatibility and fix that shit. While they are at it they can scrap the other crap added too, no one in their right mind will willingly use an OS that spies on them regardless if it helps MS see why things break. Anyway, it's not my problem I've been MS free for years

    --
    http://chimpbox.us
    1. Re:I really feel sorry by turbidostato · · Score: 1

      "I really feel sorry for those locked in to that OS, every day it seems there is a new problem with their security, and maybe MS should break backwards compatibility and fix that shit."

      If Microsoft did that, they would lose the lock on those people, so that won't happen.

      "Anyway, it's not my problem I've been MS free for years"

      Me too. I should add, anyway, that you can't get completely free from Microsoft as long as you interact with other people, be it "you really need to have a look at this business powerpoint presentation (I can and do miss the ones about pretty kitties)" or just something as stupid as most people top-posting their emails just because that's the way outlook taught them and even get to the point of blaming on you when you properly cite when answering them.

    2. Re:I really feel sorry by Bert64 · · Score: 2

      Backwards compatibility is what's keeping them in business, if you're going to break backwards compatibility you are better off just going straight to linux.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:I really feel sorry by phantomfive · · Score: 1

      Or to the web, which is what a lot of companies have done for internal software.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:I really feel sorry by mikael · · Score: 1

      It happened to all versions of MSDOS as well (Windows 3.1 days). Hardware like dot-matrix printers, VGA, SVGA graphics boards would all depend on their own 16-bit DOS drivers. Those became useless once everything moved to 32-bit Windows 95. And again when everything moved to 64-bit Windows. Even moves from Windows XP to Windows 7/8/10 usually involved new drivers. Then there's being able to boot a PC from USB. Old PC's can't do that. Modern PC's can. Even UEFI has problems booting from CD/DVD unless the magic options are set in the BIOS.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    5. Re:I really feel sorry by Scoth · · Score: 1

      Windows 95 made a point of supporting virtually all existing 16-bit Windows 3.1 drivers. This would occasionally cripple the 32-bit enhancements to things like file access and hard drives, but they'd work. In fact, this was the biggest reason Microsoft stuck with the "significantly enhanced Windows 3.x" kernel instead of just going to Windows NT-based at the time. Silliest thing I did was manually install the EGA driver from Win3.1 on Windows 95 (or 98? Can't remember) and run it with an EGA card. I also had a parallel port CD-ROM that worked fine in Windows 95 with the DOS driver loaded, though I'd get some warnings about performance being impacted by using 16-bit real mode drivers. Still, it worked.

      32-bit to 64-bit has been a much bigger problem. I've had little trouble using 32-bit XP drivers in Vista/7 and even 32-bit 10, but 64-bit does require all new drivers. So for older hardware you're often SOL. This is one of those things that Microsoft just can't win. Either they get slammed for old code that has old vulnerabilities, or they get slammed for making people replace old hardware by dropping backward compatibility.

    6. Re:I really feel sorry by Anonymous Coward · · Score: 0, Insightful

      Actually, for the mid to upper level users, we're the ones that feel sorry for you. You put up with a lot of bugs, glitches, exclusions, and ugliness to have your "freedom." Not to mention the paranoia and zealotry that stains the Linux brethren. Meanwhile the rest of us just enjoy using computers for what we want to do. Very little time is needed for us to keep Windows running. Good thing too, because we're busy working, creating, and playing with the largest software selection in the universe.

    7. Re:I really feel sorry by Anonymous Coward · · Score: 0

      That's what we did, starting in 1999. We began developing all internal applications to have web front ends, deploying in 2000. Most of our mission-critical stuff was in-house (CRM apps, custom pricing and accounting apps, custom document creation engines, investor reporting), so it was a lot of applications. Therefore we avoided any pain around windows versions, or even desktop OS versions.

  7. Start of the new millennium by Anonymous Coward · · Score: 0

    Everyone (should) know by now, especially on Slashdot, that the start of the new millennium was in 2001.

  8. Taking remote control of the keyboard by Anonymous Coward · · Score: 0

    Is there a hack yet to take control of a keyboard and remotely send 28 backspaces to root that shit (Linux)?

    1. Re:Taking remote control of the keyboard by present_arms · · Score: 1

      You can't get "root" from grub, the best you can do is boot the computer, ffs brain dead people, they should be all shot

      --
      http://chimpbox.us
    2. Re:Taking remote control of the keyboard by present_arms · · Score: 1

      NVM, it's me that should be shot, I read the above as a statement and not a question, and the answer is no, you can't remote to grub(2) so no back spacing, just to note that it was patched before it even made headlines, all you could do is boot a pc and you had to be local, of course from local grub(2) you can gain root by just adding a "1" to the boot stanza and get single user mode. same as safe mode on windows, and you have to be sitting at the pc to be able to do it. As we all know if you get physical access to any PC it's game over.

      --
      http://chimpbox.us
    3. Re:Taking remote control of the keyboard by Anonymous Coward · · Score: 0

      It's OK, I was just being an asshole. But thanks for the sharing the info.

    4. Re:Taking remote control of the keyboard by Anonymous Coward · · Score: 0

      Windows safe mode doesn't give you administrator -- it just doesn't load most hardware drivers and I think doesn't start most (third-party) programs set to run on startup.

    5. Re:Taking remote control of the keyboard by present_arms · · Score: 1

      If it didn't give you admin access in safe mode, how would you fix it? regardless if you're at the pc physically it doesn't matter

      --
      http://chimpbox.us
    6. Re:Taking remote control of the keyboard by Scoth · · Score: 2

      Windows safe mode gives you the same login options as a regular boot, just with minimal stuff loaded. On some versions (XP at least; I don't feel like rebooting my Win7 box to check it) you'll also have the normally-hidden Administrator account visible. This can be a problem for computers on domains - if you boot in pure safe mode and have a domain admin, getting logged in can be problematic. This is where Safe Mode with Network Support comes in handy.

    7. Re:Taking remote control of the keyboard by present_arms · · Score: 1

      Gotcha, I should have remembered that, it's been a long time :D

      --
      http://chimpbox.us
  9. On Millennia by eric31415927 · · Score: 1

    The last millennium ended Dec 31, 2000 - in my time zone.

    1. Re:On Millennia by Anonymous Coward · · Score: 0

      As it did for everyone else. Yet there are retards who still don't realize that we start the count at 1, IE 2001. 1-2000, 2001-3000 etc.

    2. Re:On Millennia by lhowaf · · Score: 1

      we start the count at 1, IE 2001. 1-2000, 2001-3000 etc.

      1-1000, 1001-2000, 2001-3000, etc.

      FTFY

    3. Re:On Millennia by Anonymous Coward · · Score: 0

      And this is why you never start the count at 1. Dennis Ritchie and Ken Thompson were right! Look at all the confusion this causes even years after the fact.

    4. Re:On Millennia by 93+Escort+Wagon · · Score: 1

      we start the count at 1, IE 2001. 1-2000, 2001-3000 etc.

      1-1000, 1001-2000, 2001-3000, etc.

      FTFY

      No, the first millennium AD was a leap millennium and included a bonus 1000 years.

      --
      #DeleteChrome
    5. Re:On Millennia by Anonymous Coward · · Score: 0

      So, uh, what happened in the "year zero", historically speaking? Keep in mind that 1 BC was followed by 1 AD as the next year in the BC/AD/BCE/CE calendar scheme ( https://en.wikipedia.org/wiki/Anno_Domini ). With the various epochs for years, we have to start with one, which determines that the ending year ends with a zero for any given epoch, whether decade, century, millennium, etc.

    6. Re:On Millennia by MrL0G1C · · Score: 1

      That method of labeling millennia is quite frankly bizarre. When someone says last millennium, I and many people will think up to 1999 Dec 31 at 23:59:59, which was pretty much the time when the big celebrations were.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    7. Re:On Millennia by Anonymous Coward · · Score: 0

      1BC is 1AD minus 1, 2BC is 1AD minus 2, etc. There is no year zero. That is stupid and not ANSI compliant.

  10. So, essentially, this means... by Opportunist · · Score: 1

    ...that Windows needs to be compatible with software that relies on security holes.

    At least that's what I take from this statement.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re: So, essentially, this means... by Tolkien · · Score: 1

      What it means is that this chain of exploits is about to become exceptionally popular as Microsoft can't fix them, thereby ensuring that soon even the least knowledgeable of script kiddies will be able to gain access to systems on which they're not welcome.

  11. Re:Smell the Glove! by smittyoneeach · · Score: 1

    Spinal Tap forever!

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  12. Nice by Anonymous Coward · · Score: 3, Insightful

    Whatever you do, for the love of god, don't give us a broad outline of attack vectors, who might be vulnerable, or attack mitigation practices.

  13. what happens if i put a hot potato in my butt? by Anonymous Coward · · Score: 0

    with sour cream and onions?

    1. Re:what happens if i put a hot potato in my butt? by Anonymous Coward · · Score: 0

      Then you'll be the average slashdot reader.

  14. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 1

    DOS ain't done 'till Lotus won't run.

  15. If not on a managed domain, turn off the services. by Anonymous Coward · · Score: 0

    If you're just using a small LAN w/o domain management you can turn NetBIOS and Auto-proxy stuff off completely and will never miss it.

    These exploits work because M$ leaves services on by default that most users will not turn off until it breaks something critical. True since forever.

  16. RTFA by Anonymous Coward · · Score: 0

    So, in summary, Windows is vulnerable if:

    1) A malicious actor is already on your Windows server
    2) You don't have a predefined and locked-down (via GPOs etc.) proxy setting
    3) An unprivileged user can start up an HTTP server on your systems

    You've got bigger problems if 1, 2, and 3 are true, or I totally misread the article.

    1. Re:RTFA by ledow · · Score: 5, Interesting

      Well, it assumes an awful lot. But I think they are saying they can, for example, spoof a ton of responses to any machine that MIGHT be about to connect to you, and thus gain some privilege escalation from that conversation. Quite how they get higher than the privileges assigned to the user making those requests isn't clear, but it sounds like it could be possible.

      But they even think SMB signing might defeat it, but haven't finished looking into that (which is suggestive that it does indeed defeat it, to be honest).

      The fake WPAD responses? I don't know about you, but my WPAD data is given out by my DHCP server, not by anything else, and I believe that overrides most things. It's then double-set by a GPO and a DNS entry too. You'd have to be in my network faking DHCP or able to override GPO settings and that's quite a way past what you need to be able to attack me anyway (P.S. my network switches will go ape-shit and cut you off if you do that).

      They seem to be claiming that when something makes a request from the network for a WPAD query, they can fake every possible response until whatever was asking takes the FAKE response as genuine. That might well cause a machine to switch a proxy. But it would seem by that point to be already inside the network and able to do an awful lot worse damage anyway.

      "Extended Protection for Authentication" is the mitigation for "the last stage of the attack" (where they are already spoofing WPAD settings and intercepting all web access from the machine in question, and just attack NTLM authentication via that for services that still try to use NTLM and WPAD entries). That was introduced in XP and Vista, by the way. I think by that point, you're fucked anyway.

      I'm more interested in quite how something gets to do things like take up EVERY UDP socket on your system without otherwise cocking up and giving you tons of warnings elsewhere, and then manages to be in the line of fire for replying to a WPAD setting that's overridden by other browsers, by GPO, by DHCP settings, etc. and then use that to suddenly send all your requests to... yourself it looks like, and try to defeat NTLM auth.

      It seems like one of these "LOOK HOW DANGEROUS" attacks that, although technically they aren't lying when they say they've got it to work on all these things, requires a combination of circumstances so extraordinary that you're already fucked before they start sending a packet.

      The biggest problem I have? Minus some keywords that are pure filler in this article, there isn't a single mention of this that I can find anywhere else on a search engine. Literally, it's all regurgitated press releases with the same phrasing, ALL pointing to the same article. Yet it was supposedly released a while ago.

      And the only thing we can apparently do about it at the moment is enable an option that breaks shit and only combats the very last stage, where it's already game over and they get to choose from a myriad of services that might trigger an NTLM-authenticated HTTP connection using a given WPAD proxy (which I imagine can't be that hard to find in major pieces of software or other areas of Windows).

      Wait for a fix, or at least a decent analysis, but I wouldn't really go into a panic.

    2. Re:RTFA by Anonymous Coward · · Score: 0

      That's how I feel too... you are fubar'd if someone is in your network to the point they can do this.

      But now I'm going to get to spend the next week trying to come up with convincing mitigations for my executive management who will read this, not understand and basically go "OMG!!!! We are screwed! I need to know how we are going to prevent this."

      I'm tired of security companies finding obscure and 'you are already fucked' security risks and releasing press releases etc. to make a name for themselves so I spend my team's time trying to calm down the executives rather than focusing on real risk.

    3. Re:RTFA by Anonymous Coward · · Score: 0

      The biggest problem I have? Minus some keywords that are pure filler in this article, there isn't a single mention of this that I can find anywhere else on a search engine. Literally, it's all regurgitated press releases with the same phrasing, ALL pointing to the same article. Yet it was supposedly released a while ago.

      Clearly you haven't had enough StartsWithABang. You must be reeducated.

    4. Re:RTFA by Anonymous Coward · · Score: 0

      I have had to deal with the same issue many times. All kinds of worries about remotely stealing this, that or the other secret from our network - which is highly secured and monitored by large 3rd-party service providers. Meanwhile, the same secret data could be had by physically walking into an unsecured (other than a locked door) and empty facility at night and walking off with either physical copies of the information on paper, or just picking up the servers and walking out with them.

      It might sound silly, but it certainly would be a lot easier to either steal the entire server farm for our midsize company and get it working in your criminal lair than to hack through all the layers you'd need to find the valuable tidbits on the network. Or you could take the even easier route and buy off a network admin or one of the staff accountants. If the secret was worth tens of millions, that should be pretty easy to do. (in our case it was more like 100's of millions).

      I eventually convinced them that we needed to spend a few bucks on night security, at least. Still, the employees remain a more vulnerable vector than the network for that kind of data. Well, that and the continuing threat of a set of requirements being handed down from some executive that requires remote access to secure data by random third parties. That sort of request is pretty common too.
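
The settings the comments above point to (NetBIOS and the auto-proxy service in comment 15, SMB signing in the RTFA thread) can be checked on a host with a read-only audit. This is an added example, not code from any commenter or from the researchers; the function names `Get-RegDword` and `Test-HotPotatoMitigation` are hypothetical, and the script only reports current values without changing anything.

```powershell
# Added example: read-only audit of settings named in the comments above.
# Requires PowerShell 3.0 or later (Get-CimInstance). Changes nothing on the host.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-HotPotatoMitigation {
    $results = @()

    # NetBIOS over TCP/IP, per IP-enabled adapter.
    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
    foreach ($a in $adapters) {
        $results += [pscustomobject]@{
            Check  = 'NetBIOS over TCP/IP disabled'
            Target = $a.Description
            Value  = $a.TcpipNetbiosOptions
            Pass   = ($a.TcpipNetbiosOptions -eq 2)
        }
    }

    # WinHTTP Web Proxy Auto-Discovery Service (the "auto-proxy stuff").
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name = 'WinHttpAutoProxySvc'"
    if ($null -ne $svc) {
        $results += [pscustomobject]@{
            Check  = 'WPAD auto-discovery service disabled'
            Target = $svc.Name
            Value  = "$($svc.StartMode)/$($svc.State)"
            Pass   = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        }
    }

    # SMB signing: RequireSecuritySignature = 1 means signing is required.
    # A missing value is reported as $null and treated as not required.
    $smbKeys = @{
        'SMB server' = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        'SMB client' = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    }
    foreach ($role in $smbKeys.Keys) {
        $value = Get-RegDword -Path $smbKeys[$role] -Name 'RequireSecuritySignature'
        $results += [pscustomobject]@{
            Check  = 'SMB signing required'
            Target = $role
            Value  = $value
            Pass   = ($value -eq 1)
        }
    }

    return $results
}

Test-HotPotatoMitigation | Format-Table -AutoSize
```

A `Pass` of `False` only means the setting differs from the hardened value; whether it can be changed depends on what else on the network relies on it.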

  17. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    Microsoft wants to force you to buy new software so they don't even try wrt backwards incompatibility.

  18. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    Had to go back 20 years to find an example so the point stands.

  19. Compatibility is "mostly overrated" by Anonymous Coward · · Score: 0

    I would rather a few things break, than to never have to re-write software that may never be looked at ever again... *cough OpenSSL*

  20. Windows Security Updates equals... by Anonymous Coward · · Score: 0

    A BAND-AID made out of rancid hell spawned festering pus. No matter how much you patch it, it leaks like a submarine with a screen door.

  21. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    I've never seen that compatibility option fix a single problem the hundreds of times I've tried it b

  22. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 1

    I've had several applications work by setting a compatibility mode. Ha! My anecdote beats your anecdote! Take that!

  23. Sounds sexy by wonkey_monkey · · Score: 2

    Hot Potato Exploit

    Name me one potato exploit that isn't hot.

    --
    systemd is Roko's Basilisk.
    1. Re:Sounds sexy by Anonymous Coward · · Score: 0

      Hot Potato Exploit

      Name me one potato exploit that isn't hot.

      cold potato in the exhaust pipe enables denial of service attack on internal combustion engines

    2. Re:Sounds sexy by penguinoid · · Score: 1

      Hot Potato Exploit

      Name me one potato exploit that isn't hot.

      The couch potato achievement.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    3. Re:Sounds sexy by Anonymous Coward · · Score: 0

      Cold fusion is a type of potato exploit, right?

  24. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    And the "Run compatibility troubleshooter" never fixes anything. I work for a large law firm so we have dozens of different DOS programs we have to run. Most work fine with Vista, Microsoft fired all of their older programmers and now backwards compatibility is almost completely broken.

  25. Re: because in windows broken security is a featu by Anonymous Coward · · Score: 0

    And using that metric, Windows 10 is great.

    But seriously, Microsoft doesn't even try when it comes to backwards compatibility. Vista is OK, 7 trashed most software. Only the newest programs will run.

  26. Clear priorities... by Archtech · · Score: 1

    "All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system".

    Because that is far more important than security.

    "Windows, The Compatible Family: All Members Are Equally Vulnerable - And In The Same Way!!!"

    --
    I am sure that there are many other solipsists out there.
    1. Re:Clear priorities... by Anonymous Coward · · Score: 1

      It is. Nobody uses Windows because of security.

  27. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    When I quit Microsoft in 1995, we had already mostly quit trying at backwards compatibility. I find it amusing there's still people like suutar that still believe that Microsoft tries.

  28. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 1

    I've had several applications work by setting a compatibility mode. Ha! My anecdote beats your anecdote! Take that!

    So you think it works because it worked a few times while it didn't work hundreds of times for someone else? Do you work QA for Microsoft?

  29. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    If you think sixteen years old is legacy, you must be very young.

  30. Re: because in windows broken security is a featu by Anonymous Coward · · Score: 0

    He is very naive. I work on the build team for Windows, and I hear about only a tiny bit of backwards compatibility work being done.

  31. Re: because in windows broken security is a featu by Anonymous Coward · · Score: 0

    Naïve is correct. We stopped trying about the time Bill Gates left. He cared about backwards compatibility, but I have never once heard John Thompson mention it.

  32. Re: because in windows broken security is a featur by Gadget_Guy · · Score: 2

    Had to go back 20 years to find an example so the point stands.

    And yet the only actual counter-example that has been given by anybody so far is Lotus 1-2-3 version 2.3, which predates Windows 95 by four years.

    I still run a 32-bit Windows 7 system as a games PC so I can run old games. I have been amazed to find games from Windows 95 era work, and been blown away when I found some old Windows 3.1 programs and tried them for a laugh only to find that they too worked.

    Of course, these wouldn't work on a 64-bit version of Windows, since they lost the ability to run 16-bit applications. But I don't think that you can say that they are not serious about backwards compatibility simply because they no longer run programs from 2 decades ago.

    You can still easily find lots of programs that no longer work, but who is to say that this is just sloppy work from Microsoft instead of the programs themselves doing something that was outside the official documentation, or just stupid things like self-modifying code or programs that assume they have administrator-level access to resources.

    For more modern examples of backwards compatibility features in Windows, how about Vista's *File and Registry Virtualization*, which, for example, redirects file writes under Program Files to the user's "AppData\Local\VirtualStore\Program Files" folder so old programs that blindly write config and log files alongside their programs will still work. Then there is the ever-growing WinSxS folder full of old versions of DLLs to maintain backwards compatibility. Windows 7 did away with some of the old cruft by making single DLLs that responded to multiple versions.

    With all that going on in different versions, it makes me wonder about the truthfulness of the Anonymous Cowards who supposedly worked at Microsoft and who have been claiming that they had never heard backwards compatibility being mentioned there.

  33. Re: because in windows broken security is a featur by Scoth · · Score: 3, Interesting

    The main use I've found for it is for games that came out in that time between Direct3D and Windows 2000 that assume that Windows NT == No Direct3D and pop up a "This program doesn't support Windows NT" error. Setting them to Win95/98 compatibility mode makes them work just fine. I can think of Viper Racing for one, and it helps Grand Prix Legends' graphics work better. On the other hand, Homeworld works better in NT 4.0 mode because it disables the slightly buggy-on-new-Windows DirectX and forces it into OpenGL mode, which works great.

    In more recent times I've had it help with a couple utilities and tweaks like Mute on Lock that break with Windows 7's (and Vista's?) updated audio engine.

    I can't think of too many things I've tried it on that haven't worked, really. Most of the complaints I've seen about it are people trying to run DOS or 16-bit Windows apps on 64-bit Windows, which isn't going to work no matter how many compatibility modes you try.

  34. Re: because in windows broken security is a featur by phantomfive · · Score: 1

    With all that going on in different versions, it makes me wonder about the truthfulness of the Anonymous Cowards who supposedly worked at Microsoft and who have been claiming that they had never heard backwards compatibility being mentioned there.

    There's an AC who's been posting here for a while who somehow seems to be an expert on every subject. If it's a story about medicine, he says "I'm a doctor and...." If it's a story about law, he says, "I'm a lawyer and....." If it's a story about child abuse, he says, "I was abused as a child and....." But if you read the post carefully, there are frequently mistakes that draw the claims into question.....

    --
    "First they came for the slanderers and i said nothing."
  35. Re:Still not as bad as Linux. by tetraverse · · Score: 1

    @anonymous Coward: "Linus Torvalds has repeatedly said he doesn't give a SHIT about security. Say what you want about Windows, but at least Microsoft cares about the security of their products. What kind of a loser still uses Linux given their lax attitude to their own customers?" ref

    Dear Mr. Anonymous Troll, do you have any verifiable citation to support your typings?

  36. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    Obviously the situation is "works some times". For instance Win 8.1 Compatibility mode tweaks enable me to run Scrabble written for Windows 3.1 with the main requirements being 256-color mode, along with the bundled win32g.dll copied to \windows\system32 - and nowhere else, not even in the scrabble.exe directory, although that fails for 64-bit Win 8.1 on another PC with claims by scrabble that it cannot find win32g.dll despite my copying that works with 32-bit Windows 8.1 PC's. Note that I am not claiming any other "super powers" for Compatibility mode, just a "data point".

  37. Re: because in windows broken security is a featu by Anonymous Coward · · Score: 0

    Copy it to c:/windows/syswow64 instead of system32. That is the 32 bit compat folder.

  38. Re: because in windows broken security is a featu by Gr8Apes · · Score: 2

    Bill didn't care about backwards compatibility, or rather, he cared that things weren't backwards compatible at all. See Office95's release and complete lack of interoperation between previous versions across all platforms, including windows. Yep, backwards compatibility indeed.

    --
    The cesspool just got a check and balance.
  39. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    > how about Vista's *File and Registry Virtualization*, which, for example, redirects file writes under Program Files to the user's "AppData\Local\VirtualStore\Program Files" folder so old programs that blindly write config and log files alongside their programs will still work

    Had a fun run-in with that once, I had an old game on the one hand, and on the other, a utility for editing that game's save files. Since the old game used Program Files to store its saves in (like you do) they were redirected to VirtualStore. However, the utility wasn't redirected (since I was running it from another directory) and kept claiming it couldn't see any savegames to edit, even though it was clearly configured to look for saves in the right place!

    I spent HOURS trying to work out why I could see the saves in Explorer, the game could see them, but the utility magically couldn't...

  40. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    Yeah, the compatibility option is BS. The only setting I've seen make some older programs work is disabling desktop compositing.

  41. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    Maybe you were shit and fired. I'm eating and too lazy to Google for it, but examples of what OP is referring to are documented and were recently referred to from Slashdot in the last month or two.

  42. Re: because in windows broken security is a feat by Anonymous Coward · · Score: 0

    You must be busy in meetings 24/7 to hear about what the other tens of thousands of workers are working on.

  43. Perfectly Secure Computer: unplugged by Tenebrousedge · · Score: 1

    Linus did say that security is not the end-all be-all of Linux.

    "Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about."

    Which is not to say that it's insecure; given that it runs on more devices than any other OS, any exploits would be huge. I'm not really sure how Windows security measures up these days, but I get the impression that the typical Windows install has a greater amount of exposed moving parts.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
    1. Re:Perfectly Secure Computer: unplugged by tetraverse · · Score: 1

      “Torvalds has often said — and reiterated after the meeting in Seoul — that he is open to new kernel defenses if the cost in performance is reasonable. But debate remains about what qualifies as ‘reasonable.’

      ‘I don’t think you have an alternative,’ Torvalds said in the interview with The Post. ‘I don’t think you can design things better than they evolve. ... It really is working very well.’” ref

  44. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    If you're trying to run DOS programs you'll be better off using DOSBox or Bochs. 64-bit versions of Windows cannot run 16-bit programs.

  45. Re: because in windows broken security is a featur by Anonymous Coward · · Score: 0

    I remember DEC's error messages. You knew exactly how to proceed. Windows' crappy error messages are just another example of lowest-common-denominator products being released to the American consumer. God forbid we actually tell them what's wrong.

  46. 16 bits Windows 3 applications... by Frederic54 · · Score: 1

    ...still run on Win10 (32-bit). I tested an application from 1993, it works fine, I must say this is impressive ;)

    --
    "Science will win because it works." - Stephen Hawking
  47. Re: because in windows broken security is a featu by Anonymous Coward · · Score: 0

    The only programs I've not been able to run in 7 compared with older versions are a result of architecture - 16-bit programs will not run on a 64-bit OS. Not on Windows, not on Linux, not on nuttin.