Slashdot Mirror


User: Myria

Myria's activity in the archive.

Stories: 0
Comments: 657

Comments · 657

  1. More unstable security software on Google Buys Anti-Malware Security Startup · Score: 1

    Just what we need, Google making unstable security software. I have not used this particular brand, but in general, such programs are irritating at best, unstable and exploitable at worst.

    Once, I had a bug in my program that caused my XP development system to bugcheck (BSOD). It puzzled me how a bug in my lowly non-Administrator user-mode program could bring down the entire system. I attached a serial cable to WinDbg it and traced to the system calls. It turns out I was passing a bad pointer to a system call. I traced it further and found that some code in the kernel was doing an unprotected read of my pointer.

    But it wasn't Microsoft's. It was a rootkit installed by an "enterprise-level intrusion detection system" that our company makes us all use. Apparently, this vendor doesn't know how to develop NT kernel code, since they weren't using __try let alone ProbeForRead. With code quality like that, I'm sure if someone cared they could find an exploit to get ring 0.

    Microsoft decided to make PatchGuard because rootkits like these make Windows appear more unstable than it really is. Helps a bit with DRM too.

  2. There is no solution to man-in-the-middle on Simple Comm Technique Beats Quantum Crypto · Score: 0

    There is no solution to the attack you're describing. Even quantum cryptography fails against this.

  3. Quantum cryptography is vulnerable too on Simple Comm Technique Beats Quantum Crypto · Score: 1

    Even quantum cryptography is vulnerable to such an attack, so in this respect there is no loss with this resistor system. There is no true solution to the man-in-the-middle problem.

  4. GLHF on New Jersey Sues YouTube Over Crash Video · Score: 1

    I saw this movie a week ago, and it wasn't on YouTube. Was it even on YouTube first? Good luck and have fun enforcing this one, New Jersey.

  5. Have the client do the calculation on Bye Bye Spam and Phishing with DKIM? · Score: 1

    Have the client do the hashcash signing when they connect to Yahoo/GMail/Hotmail and send a message. Speed will be a problem but that can be solved by plugins or modified browsers (add a native-code SHA-256 function callable by JavaScript).

  6. CGI Trailer on YouTube on Blizzard Announces StarCraft 2 · Score: 5, Informative
  7. It has some heroes... on Blizzard Announces StarCraft 2 · Score: 4, Interesting

    The Protoss mother ship (from IGN's Charles Onyett):

    3:18 - warprey also very effective against structures - very vulnerable to small unit fire - shows warpreys getting wiped out by terran marines. Physics system lets debris from warpreys roll down a ramp. Showing one more unit - warped in in a series of cubes - giant floating base - called a protoss mothership - can only have 1 at a time - cost big resources - special abilities include timebomb that slows all enemy missiles inside - shows terran missile launcher shooting in projectiles that stop in the field before they reach the ship - when field ends missiles drop to the ground - planet cracker attack - giant lasers stream from ship to ground - ship can be moved around while planet cracker laser is active - the ship looks like a metallic, triangular sand dollar - mothership can create a black hole anywhere it wants to - creates distortion that actually sucks ships in and destroys them - in the demo the black hole destroyed four terran battle cruisers in about ten seconds.

  8. Totalitarianism and copyright on Congress May Outlaw 'Attempted Piracy' · Score: 1

    Due to mass disobedience of copyright law, the only way to enforce copyright law is totalitarianism. So they're making the government totalitarian.

  9. What if destroying Linux weren't the goal? on Microsoft Says Free Software Violates 235 Patents · Score: 4, Interesting

    (This is completely bogus, but is an interesting thought experiment.)

    What if Microsoft's direct goal were not harming Linux, but rather destroying the software patent system? Obviously, Microsoft would love for Linux to disappear, but they could be thinking much deeper. Microsoft has argued for patent reform before when they lost $521000000 to Eolas. Clearly appeal to Congress and the courts has not worked.

    By creating complete chaos in the software industry, these legal threats could force changes to the laws to avoid a breakdown.

  10. It's so obvious... on Breakpoints have now been patented · Score: 1

    In Win32:

    #include <windows.h>

    if (IsDebuggerPresent())   /* only break when a debugger is attached */
            DebugBreak();

    Another thing Microsoft's Visual Studio C runtime library does is called _CRT_DEBUGGER_HOOK, where a debugger can patch a particular void function so that the function will trigger a breakpoint if a debugger is attached.

  11. Digital signatures required for scripts? on Windows PowerShell in Action · Score: 1

    I remember reading once that Monad requires all scripts to be signed by a key countersigned by a certificate authority. Is that still true? If so, Monad is completely useless.

  12. Re:How long must a number be to be copyrightable? on Censoring a Number · Score: 1

    The company name (IBM, IIRC) was placed in the BIOS, and the software looked for it at a specific location. People trying to duplicate the BIOS found themselves on the wrong end of a trademark suit ...

    Yes, but that's trademark law and not copyright law. Sega v. Accolade seems to invalidate attempts at locking in like this.

  13. How long must a number be to be copyrightable? on Censoring a Number · Score: 4, Interesting

    How long must a number be to be copyrightable? Any digital file, including programs, can be written as a number, yet obviously pictures and programs can be copyrighted. The number 1 cannot be copyrighted, but the 98641-decimal-digit number corresponding to the original Super Mario Bros. ROM images can be. Where is the line drawn? Can cryptographic keys be copyrighted? Can the MPAA use a (long) key containing a copyrightable image so that the cryptographic key is copyrighted as well?

  14. Whole new meaning on Google Deletes Rogue Ads, Dangers Persist · Score: 2, Funny

    I guess that this gives a whole new meaning to "I'm Feeling Lucky".

  15. Security broke dragging files to cmd.exe on MS Mulling Changes to Thwart .ANI-type Attacks · Score: 5, Interesting

    Prior to Vista, you could drag files from Explorer to cmd.exe to have it type in the filename for you, exactly like on Mac. However, due to overzealous security changes by Microsoft, this does not work in Vista.

    In NT, console windows are actually owned by the most privileged user-mode process in the system, csrss.exe. One of Vista's big security changes is that processes cannot send window messages to windows owned by processes of higher security clearance. This means that Explorer cannot send a message to console windows telling them that there is a file being dragged to it. Starting Explorer as Administrator does not help, because csrss.exe runs with higher privilege than that.

    Rather than fix the insane design issue of csrss.exe owning console windows, they decided to leave it the way it is. Never mind that there have been exploits against csrss.exe through the console system in the past.

    To give you an idea of how bad of a hack the console implementation is, kernel32.dll's WriteFile detects console handles, which are fake handles, and translates the call into an RPC call to csrss.exe. This breaks all kinds of stuff.

  16. Driver signing on Blu-Ray Drive For Apple Notebooks · Score: 1

    I'm assuming that as a condition of allowing Macs to play Blu-Ray disks, Sony will require Apple to make Leopard require all drivers to be digitally signed so that fake device drivers can't be used to break the DRM. Same reason as Vista 64.

    I honestly hope that someone either builds a large quantum computer or finds a fast discrete logarithm algorithm soon before asymmetric encryption ruins consumer rights.

  17. Whole new meaning on Virus Writers Target Google's Sponsored Links · Score: 1

    I guess this gives a whole new meaning to "I'm Feeling Lucky".

  18. And they keep mistranslating the female leads too on Ten Years of FFXIII? · Score: 1

    Lydia, [Lenna,] Tina, Aerith... At least they fixed Lenna in the GBA rerelease - it was Reina in that awful PSX version.

  19. Slashdot is a little biased reporting this on AMD Reports $611 Million Loss · Score: 2, Interesting

    Slashdot has an advertising section disguised as "Opinion Center" paid for by Intel. Slashdot is now worthless for hearing AMD news.

  20. Anti-Microsoft bias maybe? on MS Requiring More Expensive Vista if Running Mac · Score: 5, Insightful

    And what, Apple lets you virtualize OS X?

    The anti-virtualization clause is likely unenforceable anyway *. However, most businesses that use Windows buy volume license agreements under contract, and the contract states that they will obey the EULA. That brings the EULA from the gray area into enforceability for them.

    * They know that their DRM system can be cracked easily by virtualization. They might be able to win under the DMCA because of this.

    I'm not a lawyer, I just read a lot.

  21. I wish the PC version had music like NES on A Bit About Making Maniac Mansion · Score: 1

    I played the NES version first and loved it... Eventually, I tried the PC version because I figured it would have better graphics. It did, but it didn't have the music from the NES =(

  22. Apparently you haven't heard of ptrace() on Vista Protected Processes Bypassed · Score: 1

    Apparently you haven't heard of ptrace() on Linux or vm_write() on OS X, which are more or less the equivalent of the operations in Windows.

    Windows processes have access control lists like files do; you can't inject a DLL into winlogon.exe without LocalSystem ("root") access. Linux and OS X go by the associated UID; if the requesting UID is unequal and is not zero (root), the attempt is denied.

    As for SELinux, many systems can get around the ptrace() lockout. Pipe a connection to gdb and have it do the dirty work on your behalf. Locking down what operations are allowed on a per-program basis rather than user privilege level is not a good way to secure a system. (Flagging a program as setuid root is somewhat different, and acceptable given a security model designed for it.)

    Melissa

  23. This isn't Microsoft's fault on .ANI Vulnerability Patch Breaks Applications · Score: 2, Informative

    Blame Microsoft all you want for security holes in user32 and GDI, but don't blame them for these programs breaking.

    The change that broke these applications was changing the base address of user32.dll (from 77D40000 to 7ED10000 I believe). The programs that broke were using the 7ED10000 range. When user32.dll can't load at its desired address, it will fail to start the process. DLLs hard-linked by an EXE will be loaded before user32 or kernel32 if they are the first in the import table. Once loaded, user32.dll can't load at its desired address and will get relocated. user32.dll doesn't like this and aborts starting the process. This happens even if the bad DLL is relocatable, because preferred addresses are first-come, first-serve.

    The entire 60000000-7FFFFFFF address range is reserved for Microsoft DLLs and special memory. Don't stick your own DLLs in there! (This address range is true of Win64 as well: just add 8 zeros to the front.)

    As for why user32.dll and kernel32.dll don't relocate like other DLLs: so many badly-coded programs that do DLL injection assume that the addresses of LoadLibraryW, etc. in other processes are the same as the ones in their own processes. Almost all DLL injection code snippets assume this, and it's just wrong. The proper way is to use either EnumProcessModules or CreateToolhelp32Snapshot to list all the DLLs in the target to find the one you want. The correct address to use is then remote_function = local_function - local_dll + remote_dll. The types HMODULE, HINSTANCE, and IMAGE_DOS_HEADER * are equivalent, so just cast to a DWORD_PTR.

  24. Get up earlier. on Daylight Saving Change Saved No Power · Score: 2, Insightful

    If your life depends on the sun, get up earlier.

    The government's laws should be about encouraging businesses to set working hours to match the sun, not changing fundamental measurement systems to trick people into getting up earlier.

  25. Can ARC4 be used properly at all? on WEP Broken Even Worse · Score: 5, Interesting

    Can ARC4 be used securely at all? Or are WEP's failings its own fault?

    On a somewhat related note, I'm annoyed that wireless encryption was implemented in hardware. Nintendo DS's wireless is worthless to me since the encryption system can't be upgraded.