The Slashdot editors are posting FUD again. From the IE Blog:
...Windows 2000 SP4 moves from mainstream to extended support. The key difference between mainstream support and extended support which I think is most relevant to this audience is this quote from the lifecycle site: "Microsoft will not accept requests for warranty support, design changes, or new features during the Extended support phase." We will of course continue to keep our Windows 2000 SP4 customers secure with security updates through the life of Windows 2000 (through 2010).
So, no, it's not the final nail: The article is blatantly misleading, or just plain wrong. Essential fixes like security fixes will continue for at least another 5-6 years.
Can we please move away from this partisan hackery, and have the old slashdot back? please? anybody?
Sounds like you need Linux then. Welcome to the world of choices.
Touché; however, that analogy would still apply to all wheels [shells] ...
RTFM mate. This is not reinventing the wheel. It's adding a few more spokes, better tires and tougher rubber.
- Oisin
whether you can find a collision in the hashing algorithm that manages to match your nefarious code changes is irrelevant, since you will not be able to sign the hashcode with MS's private key -- this is the extra step that differentiates it from tripwire.
Yes, that is the logical conclusion of any "but then you can... and then.. and then..." type dissection of software protection mechanisms (and is why s/w DRM is doomed to fail). We could continue this exchange indefinitely, but where do you draw the line?
- Oisin
...and besides, where are you pulling this 99% from? what are the use cases in which this level of success is applicable? what is "success" in this context? Sounds to me like you're just coughing up random FUD. Please support your claims with evidence.
WPF is primarily about protecting the system against badly written installers that overwrite system DLLs with old versions: also known as DLL-hell. The same issues exist on *nix, different glibs, ncurses, blah blah etc. WPF is only a small cog in the security picture.
- Oisin
Again, this depends on the context. Boot from your own CD (winpe, erd commander, knoppix, etc), you can do what you like: subvert software with software.
- Oisin
Nothing is 100% foolproof, you know that. It is software-based after all: anything that is protected in software, can be subverted in software. Regardless of sending keystrokes etc for drivers, a properly secured windows box will have group policy set preventing installation of unsigned drivers.
Yes, when one is running as admin, the point is moot.
- Oisin
incorrect/fud. you modify the version in dllcache, nothing happens; then when you modify the system32 version, it checks the dllcache version, sees it's corrupt (signature/checksum failed) and will prompt you for product cd.
>What is there to stop a virus making edits to the dll binary? Changing the strings that presently
>correspond to the IP addresses of MS domains to some random, invalid address?
Yes, there is a mechanism built into Windows which uses digital signatures and a watchdog to prevent accidental (or deliberate) changes to sensitive DLLs. Any binary changes to any file will invalidate the signature on the DLL. This is more effective than tripwire or other such things whereby a checksum is held in another location since the DLL itself is signed using a PK and cannot be re-signed to hide the changes.
Windows File Protection: http://support.microsoft.com/?kbid=222193
- Oisin
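The distinction drawn in the comment above, between a checksum held in a separate location and a signature made with the publisher's private key, shown as an added example (not part of the original comments and not Windows File Protection's own code). The toy RSA key, function names, file name and sample bytes are all constructed for illustration.

```python
import hashlib

# Toy textbook-RSA key built from two Mersenne primes (constructed for this
# example; far too small and unpadded for real use). Only the publisher
# holds D; every verifier ships with the public pair (N, E).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # publisher's private exponent


def digest(data: bytes) -> int:
    """SHA-256 of the file contents, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def publisher_sign(data: bytes) -> int:
    """Run once by the publisher, who alone knows D."""
    return pow(digest(data), D, N)


def checksum_ok(data: bytes, store: dict, name: str) -> bool:
    """Tripwire-style check: compare against a hash kept in a local store."""
    return store.get(name) == hashlib.sha256(data).hexdigest()


def signature_ok(data: bytes, signature: int) -> bool:
    """Signature check: needs only the public key, no local baseline."""
    return pow(signature, E, N) == digest(data)


def tamper(data: bytes, store: dict, name: str) -> bytes:
    """Model a process that can write both the file and the checksum store."""
    modified = data.replace(b"update.example.test", b"0.0.0.0")
    store[name] = hashlib.sha256(modified).hexdigest()  # baseline rewritten
    return modified


def demo() -> dict:
    original = b"MZ constructed sample DLL bytes update.example.test"
    store = {"sample.dll": hashlib.sha256(original).hexdigest()}
    sig = publisher_sign(original)
    modified = tamper(original, store, "sample.dll")
    return {
        "original_sig_ok": signature_ok(original, sig),
        "tampered_checksum_ok": checksum_ok(modified, store, "sample.dll"),
        "tampered_sig_ok": signature_ok(modified, sig),
    }
```

The rewritten checksum baseline still matches the modified file, while the publisher's signature no longer verifies and cannot be regenerated without `D`.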
I've nothing more to add than to say "well said," plover; Nerdlings (or nerds-to-be) need delicate watering or the weeds can invade...
- Oisin
> wow, visual studio for free for one year man ... what should i do after 366 days ?
well, you continue to use it. You misinterpret the language: it's free _forever_, as long as you download/register it in the first year. This is an understandable misunderstanding (!) as we're all paranoid of the immense legalese that accompanies many ms products.
- Oisin
"Unpatched firefox 1.5 exploit made public recently by an unknown source who refused to name himself or other..." *crash*
>I think many here would disagree. Nonprofits are not driven by motives
> which could be considered the mirrored opposite of commercial corporations
Yes, you're quite right; non-profits are driven by motives far less rational: religious fervour for OSS.
> For fuck's sake, rebel!(Score:-1, Troll)
> by Anonymous Coward on Friday October 28, @05:34PM (#13900108)
> WAKE UP PEOPLE OF THE USA!
Eh, that's the big joke: ~50% of them thought they _were_ rebelling. Look what they got?
- Oisin
"Visual Studio and Microsoft tools force you to adopt programming techniques designed around implementation speed, not understanding or quality"
Force? no one's forcing me to use the RAD tools; I use VS primarily as an editor with intellisense and solution/project file management; no more, nor less. FUD.
- Oisin
Yeah, I agree with you -- I had to read the story twice and I still didn't understand it properly. It contradicts itself, and sometimes just reads like hyped up garbage. There's a link at the bottom of the original article that probably makes more sense. I'm gonna read it now.
This is typical of the Register's technical reporting btw, they often fuck up the retelling.
- Oisin
> Clearly the courts think that blackberry stole a patentable idea
Or not quite so clearly, the Canadians come up with a great product that gets to market first, big American business is pissed off that there's a huge market that they couldn't succeed in no matter how many piece of crap wireless email enabled devices they spit out, so they decide to try to block it for as long as it takes for an American company to clone the device, call it a Raspberry and make all that lovely money they feel they deserve in their country since it's un-american to let foreigners take away american jobs.
or maybe I'm just paranoid.
- Oisin
Google Reader slashdotted -- anyone got a link to the google cache version? LOL.
google's slashdotted, so here's a link to the google cached version... err... oops, that won't work. :)
- Ois
But they let the "Federation of Active Commonwealth Terrorists" on-board, so you must have done something really really bad.
- Oisin
Yeah, and don't I feel stupid deleting that smug git "Tom" from my friends list* now that he's rolling around nekkid in $580m. Tom? Be my friend? Answer my emails Tom??
(* he's added by default when you sign up)
- Oisin
Can we please move away from this partisan hackery, and have the old slashdot back? please? anybody?
- Oisin
correction to self: The GC cannot free x because y references it, and vice-versa.