Slashdot Mirror


User: Sancho

Sancho's activity in the archive.

Stories: 0
Comments: 5,182

Comments · 5,182

  1. Re:A cold day in Hell.. on WoW Players Targeted By Windows Flaw Exploit · Score: 1

    Their terms of service prohibit the sale of items/gold outside of the game. They can cancel the accounts of people who do this, and order the cancellation of eBay auctions (after all, the 'property' that is sold doesn't belong to the ebayer, it belongs to Blizzard). I'm not sure what steps they could take against non-US sellers, though.

  2. Re:Soulbind Gold? on WoW Players Targeted By Windows Flaw Exploit · Score: 1

    Soulbinding isn't a choice--it's something that happens to some items (most often quest rewards) that prevents the reward from being transferred/used by other players. Gold cannot be soulbound--as others have pointed out, that would render it somewhat useless. Soulbound items can be sold to NPCs, however they can never be bought back. This does mean that soulbound items would still have value to a hacker who was trying to make real-world money.

  3. Re:and in a related story... on VBootkit Bypasses Vista's Code Signing · Score: 1

    And Linux is pretty much immune to viruses. Linux is inherently more secure than Windows because applications don't run as root; they don't have permission to modify /usr

    Ah, but when I run Windows, I don't run as Administrator, either. But even so, these modifications aren't needed to hide from the user running them. They are needed to hide from root. A Linux trojan could create a new directory in /home/[user], install some trojan binaries there (like ls, cat, echo) which will help hide the virus, and then modify the user's path so that the new binaries are called if the user doesn't specify the full path (which, frankly, most users don't do).
    Hiding from GUI environments might be harder, but I'm not convinced that it is impossible, and frankly, what users are going to know that there's anything amiss anyway? Just glancing at all the dotfiles in your home directory, can you name which program put each one there? Can most Linux users?

    modify the kernel on the fly and things like that.

    Ah, but with Vista-64, Administrator processes can't do this, either.

    If there's an exploitable hole in Firefox, it can muck up _my_ home directory and start to do things as me

    Most of the bad things that a virus does is to the user. Stealing private information, spamming, etc. do not require root.

    but due to the nature of unix where you can see what processes are running and you can terminate them, the scale of the problem is reduced.

    It depends on the user. If the user can't do these things out of a lack of knowledge (most people who run Linux don't know what processes should and shouldn't be running), then they need helper tools. If they run the helper tools as their own user or through sudo, their output cannot be trusted.
    And as an aside, the most popular "newbie" distribution right now (Ubuntu) does not even have root enabled with a password by default, so logging in as root may not be an option, anyway.

    The virus can't hide itself in my directory - at least, it can't hide itself from the ls command because it can't modify ls.

    It can't modify /bin/ls, but it can certainly hijack your path, as I mentioned above. Is your average user going to use /bin/ls? Are there other ways the virus can hide, such as in a dotfile that the user probably doesn't know much about anyway (as I mentioned above)?

    And another reason that Linux is inherently more secure than Windows is the entire design philosophy which treats data as data, not code which is just one mouse click away from being executed.

    Windows has gotten much better about this, and NX helps a lot, too (enabled by default in my BIOS, and I THINK by default in new versions of Windows--but don't hold me to that).

    Part of the problem is that you're mixing up your standpoint. Competent users will be able to avoid viruses regardless of the platform they use. Incompetent users will get compromised, regardless of the security of the system (unless the system is a black box that they can't run unauthorized code on). I ran Windows as my primary OS for years, during the worst parts of their security problems, and I never had virus problems. My machine ran fine (no slowdowns) and my firewall logs never gave me any indication that I had an infection. I switched to Linux for a variety of reasons (none particularly ideological) and never had any problems either (but for reasons of market share, I didn't expect any).
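The PATH-hijacking technique argued about in the comment above (a trojan dropping its own ls/ps/cat in a home-directory folder and putting that folder first in PATH) is something a user can audit for; the script below is an added example, not code from the Slashdot thread or its posters. SYSTEM_DIRS, WATCHED and the directory listing used in the test are constructed assumptions, and the check treats only the standard root-owned directories as legitimate.

```python
"""PATH-shadowing audit for a single user account (added example; see lead-in)."""
import os
from typing import Dict, List, Set

# Assumption: binaries in these directories are the legitimate, root-owned copies.
SYSTEM_DIRS = frozenset({"/bin", "/usr/bin", "/sbin", "/usr/sbin", "/usr/local/bin"})
# Commands a responder relies on to inspect a box; a trojan gains most by replacing these.
WATCHED = ("ls", "ps", "cat", "echo", "netstat", "find", "grep")


def suspicious_path_entries(path_value: str, home: str) -> List[str]:
    """Return PATH entries, in search order, that a non-root user could populate:
    empty entries (meaning the current directory), relative paths, and anything under $HOME."""
    home = home.rstrip("/")
    flagged = []
    for entry in path_value.split(os.pathsep):
        if entry == "":
            flagged.append("(empty entry = current directory)")
        elif not entry.startswith("/"):
            flagged.append(entry)
        elif entry == home or entry.startswith(home + "/"):
            flagged.append(entry)
    return flagged


def shadowed_commands(path_value: str, listing: Dict[str, Set[str]],
                      watched=WATCHED) -> Dict[str, str]:
    """Resolve each watched command the way the shell does (first PATH hit wins) and
    report those whose first hit is outside SYSTEM_DIRS, as command -> directory.
    `listing` maps a directory to the executable names it contains."""
    search = [d for d in path_value.split(os.pathsep) if d]
    hits = {}
    for cmd in watched:
        for directory in search:
            if cmd in listing.get(directory, set()):
                if directory not in SYSTEM_DIRS:
                    hits[cmd] = directory
                break  # the shell stops at the first match, so later copies never run
    return hits


def live_listing(path_value: str) -> Dict[str, Set[str]]:
    """Build the directory -> executables map from the real filesystem."""
    listing = {}
    for directory in path_value.split(os.pathsep):
        if directory and os.path.isdir(directory):
            listing[directory] = {n for n in os.listdir(directory)
                                  if os.access(os.path.join(directory, n), os.X_OK)}
    return listing


if __name__ == "__main__":
    path_value, home = os.environ.get("PATH", ""), os.path.expanduser("~")
    print("user-controllable PATH entries:", suspicious_path_entries(path_value, home))
    print("watched commands resolving outside system dirs:",
          shadowed_commands(path_value, live_listing(path_value)))
```

A hit is not proof of compromise (a legitimately installed tool in ~/.local/bin triggers it too); it is the list of commands whose output you should not trust until you have compared the binary with the copy in /bin or /usr/bin.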

  4. Re:kernel-level compromise .. on VBootkit Bypasses Vista's Code Signing · Score: 1

    You seem to have problems with thread/reading comprehension.

    The subthread you referred to was talking about viruses, not intentional compromise for the purpose of subverting the Vista kernel and its security (most likely for the purpose of bypassing DRM, but possibly also just to run a driver from a company who was too cheap to buy a signing cert). You may be able to socially engineer someone into leaving that CD in their computer, thus compromising it, but for a worm or trojan to bypass the security mechanisms, they would need an exploit of some sort which allowed them to run kernel-level code.

    Maybe putting it more simply will help. Yes, VBootkit bypasses security. But a virus likely won't be able to make use of VBootkit on a CD (yeah, it's possible with a complex scenario involving a compromised CD burner and the user leaving that CD in the drive during the boot process.)

    How exactly does x64 Vista prevent the boot sector being compromised?

    Because writing to the boot sector requires kernel-level code to run? If you need kernel-level code to run, and your virus doesn't have an exploit which allows it to do this, your boot-sector is safe.

  5. Re:intended use ? .. on VBootkit Bypasses Vista's Code Signing · Score: 1

    Yes, that's what "intended to give control back to the user" meant. Was it too vague?

  6. Re:Is it just me that thought on VBootkit Bypasses Vista's Code Signing · Score: 1

    Are you referring to me proposing that they may have used a hacked copy to test their exploit, or to them proposing that it probably works on the retail version of Vista, even though they "didn't test it"?

  7. Re:Is it just me that thought on VBootkit Bypasses Vista's Code Signing · Score: 1

    But EULAs aren't 100% enforceable, and Microsoft knows this. However copyright law applies, even if all EULAs were thrown out the window today, and if they did not have a legitimate copy of Vista on which to test their exploit, then they would virtually be admitting to breaking the law by showing proof that it works on the release version.

  8. Re:spin double plus good .. on VBootkit Bypasses Vista's Code Signing · Score: 1

    Ah, removing content and replacing it with ellipses in order to make it look like I said something else. I bet you're in politics, aren't you?

    In Vista RC1, there were ways to permanently disable signing as a requirement for kernel drivers. You could pass some magic flags to BCDEDIT.EXE and you were golden.

    These flags are apparently ignored in RTM. I can't verify this myself, as I don't have an x86-64 machine lying around, but most of what I've read on the subject suggests that the Vista you buy in stores does not have the standard ability to disable the signing requirement for x86-64.

    Yes, that's what the article is about, and yes, that's why it's an interesting story.

    In case you aren't a native English speaker, the parentheses I used were clarifying that I was referring to x86-64 instead of x86-32. I was not intending to imply that the article discussed the flags to which I was referring (which I believe someone in the tree of comments pointed out in a reply to me).

  9. Re:and in a related story... on VBootkit Bypasses Vista's Code Signing · Score: 1

    Well, if you want to get back control of your computer, you could uninstall Vista and install Linux.

    Sure, this technique could be used to let you modify Vista and patch device drivers and so on, but you'd still be fighting Microsoft and their whole "we'll tell you where to go today" attitude toward operating systems.


    I've always likened the Open Source movement (of which you are quite obviously a supporter) to the Women's Lib movement of a few decades past.

    Most people don't realize what Women's Lib was really about. It wasn't about getting women out of the home and into the work place. It wasn't about burning bras. It wasn't even REALLY about equality. It was about choice. Women felt that they had fewer choices than men (and indeed, they did). Women's Lib said that women should be free to work, regardless of what their husbands or society said.

    But some proponents of women's rights got the message all twisted up. They felt that any woman who didn't choose to exercise those rights was setting back the cause of women everywhere. If a woman wanted to be a stay-at-home mom, she was clinging to the old ways. In fact, she was making her choice, but just like the rest of society, these fervent Libbers were trying to coerce her to fit into their agenda.

    Open Source is similar. You get fanatics who use rhetoric to try to convince people to leave commercial operating systems behind and use their free ones. The problem is that, when you get right down to it, Open Source is just about choice. It's about freedom, yes--the freedom to choose an alternate computing lifestyle. But as I read your post, all I could think about was how it was a mere hair's width away from those fervent Libbers of which I typed. And then you made that Cave Troll analogy and the statement "take back your dignity" and stomped right on that hair.

    If I want to use Vista, I should be able to. That doesn't mean that I shouldn't also have control over my computer. I shouldn't have to give up those games, or that HD DVD/Bluray playback, or my Microsoft Outlook, or my general look-and-feel which isn't truly duplicated anywhere in the FOSS world. If I want to, I should be able to have my cake and eat it, too.

    Most of your post has some truth to it, but a great deal is simply rhetoric. There will always be open source software? That's a pretty big claim. No licensing issues? Tell that to Red Hat. No degraded picture quality? More like no UPGRADED picture quality (can't watch that Bluray disc, can you?) "Microsoft's interests do not align with [my] interests"? Of course not. Few if any corporations' interests lie with mine. Do you own a car? Buy gas? Own a computer (this one certainly seems likely)? Then you have conducted business with companies whose interests do not align with yours.

    But I've saved the best for last: "Pretty much immune to viruses"? That's an absurd statement. Linux is not inherently more secure than Windows--it is targeted less simply because it has no significant market share. Any programmer could write a Linux virus with a trojan-based infection vector. They don't, because there's too little to gain. There have been vulnerabilities in recent history with libraries that many open source browsers use to render pages and display images. These sorts of vulnerabilities, akin to the .ANI bug recently found in Windows, would allow for compromise simply by visiting a website which contained malformed content. Did we see infections because of this? No, because the people who do that sort of thing have no interest in compromising Linux workstations.

    Truly, if Linux became more significant on the desktop, you would see more compromise attempts. The biggest protection it has is obscurity.

    Please be aware that I am typing this on a Linux machine. I'm using Opera (not FOSS, but I prefer it--remember that choice thing?), Ubuntu 6.10. Currently open applications are 4 xterm windows (each connecting to a remote

  10. Re:Who even still users WEP? on WEP Broken Even Worse · Score: 1

    Yes, but there are a lot more people in the world that know how to turn doorknobs than who know how to crack WEP.

    It's not secure, but that doesn't mean that it doesn't filter people out.

  11. Re:Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 1

    I honestly don't know. I wouldn't be surprised if Vista did some boot sector wizardry, but frankly, if you've compromised the boot sector, you should be able to patch that behavior, too.

    It seems a hair easier for the average DRM-bypasser, though, to just use this CD which patches memory during the boot process rather than to boot Linux, patch the boot sector, then reboot. It also may make it easier to revert, in the event that Microsoft patches break booting in this way.

  12. Re:Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 1

    Yes, I said that several places, myself.

    But people wanted to talk about viruses which do get kernel access modifying the boot sector to maintain that access, which is where all that intellectual masturbation came from.

  13. Re:and in a related story... on VBootkit Bypasses Vista's Code Signing · Score: 1

    I think that is the whole point of this procedure, yes.

  14. Re:Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 3, Informative

    Apparently, administrator cannot disable the code-signing requirement (at least, not on X64, which is what this article talks about). Although there has been talk of this as a possibility, the more I look, the more it appears that this was a pre-RTM setting which is now ignored.

    Yeah, we'll see some worms, but like I said, I doubt they'll be of the magnitude of some of the ones in recent memory.

  15. Re:Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 1

    The issue is whether or not malware can create (and/or modify) the boot sector on a USB drive that is left in the computer through successive reboots. A user-mode virus could infect the USB drive, then the next time the computer is booted, it would boot the USB drive (modifying memory much the same way that this exploit does) before passing control to the hard drive and Vista. Of course, this requires that USB booting is enabled in the BIOS.

    That's how a lot of boot-sector viruses spread in the old days. The virus would infect every floppy that was inserted into the computer, and eventually, one of them was pretty likely to be left in the drive during a reboot. At that point, even if the disk wasn't "bootable", the damage was done. The user would see that the computer wasn't booting, eject the disk, and boot into the now compromised OS.

  16. Re:if you have physical access to the system... on VBootkit Bypasses Vista's Code Signing · Score: 1

    Yes, but that's the point :)

    This specific exploit is good only for regaining control over your system (a system which does not let you load unsigned kernel modules).

    Abstracted out, it allows any kernel exploit to maintain control of the system by modifying the boot sector of the hard drive. But you still need that initial exploit first.

  17. Re:and in a related story... on VBootkit Bypasses Vista's Code Signing · Score: 1

    Ooh, nice. I was aware of the F8 'trick', but I was under the impression that there was no way to permanently disable the checks. Thanks for the tip!

  18. Re:Is it just me that thought on VBootkit Bypasses Vista's Code Signing · Score: 5, Insightful

    They probably did--that's probably why they are confident that it would work there. They just don't want to actually claim success since it was done illegally.

  19. Re:Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 5, Interesting

    True, but it's a more complex situation than that.

    In order for the boot sector to be compromised [in x64 Vista], there must already have been a kernel-level compromise. Unsigned kernel-level code must have already run. Further compromising the boot sector would certainly be a way of maintaining control over the system, but that's not the hard part in a scenario like this.

    My guess is that compromising this particular security mechanism will be hard. Vista engineers worked pretty hard on the signed code requirement and on hardening kernel-level services to prevent the likelihood of attack. Getting unsigned code to run is going to require a hole in the kernel or a kernel driver (not user-mode drivers, as most Vista drivers must be). Is it possible? Sure, and it's been demonstrated in RC1 (or was it RC2 that the Bluepill malware exploited?). But it is damned hard, and between that and automatic updates available and on by default, I think we're unlikely to see any of the absurd worms of a few years past.

  20. Re:and in a related story... on VBootkit Bypasses Vista's Code Signing · Score: 5, Informative

    It's a story because of Vista's signing requirement for kernel drivers in x64. A boot disk like this wouldn't be useful for compromising a system in the traditional sense, and it isn't intended as such. It is intended to give control back to the owner of the computer, and as such, physical access is neither an unreasonable requirement, nor an unreasonable expectation.

  21. Looks like it on VBootkit Bypasses Vista's Code Signing · Score: 5, Funny

    Of course, it will be one of those that relies on a code of honor:

    "This is the Windows Vista Boot Sector Virus kit. Please burn this ISO to a CD and boot your computer with it."

  22. Re:Who even still users WEP? on WEP Broken Even Worse · Score: 1

    Yeah. WEP is good for preventing the casual user from joining your network, and the casual snooper from sniffing (something that simple MAC filtering won't do). I don't think it's worth giving up, if you can't use WPA. WEP is at least something.

    My DS doesn't even connect without security, so I'm not sure what the problem is. Probably a router incompatibility (using DD-WRT on a Linksys).

  23. Re:10 minutes, 1 minute... no big deal on WEP Broken Even Worse · Score: 1

    I imagine that those 9 minutes are important to a person who is trying to be sneaky. Sitting in a parking lot with your laptop is fairly conspicuous. Assuming you just want quick access (and aren't trying to do something like download large media torrents from someone else's connection), 10 minutes may actually dwarf the amount of time you actually need to be online.

    If you're cracking from your house or from somewhere where it isn't suspicious for you to have your laptop sitting out for 10 minutes, maybe it's not as big a deal, but that's still 9 minutes you COULD have been doing something useful.

  24. Re:Who even still users WEP? on WEP Broken Even Worse · Score: 1

    Fair point. That may really be a decent solution for me, too (even with WEP, my DS just can't connect to my router for some reason).

    Now I just need a Windows box to power the damned dongle.

  25. Re:Who even still users WEP? on WEP Broken Even Worse · Score: 1

    Does that dongle do more than just create a network for your DS to connect to? Seems like you'd have the exact same problem.