The PDF points out that ASLR and DEP can be bypassed, and describes a pretty reliable way to do so. The sky ain't falling, but if anyone finds a buffer overflow, they can now use it to take full control of your PC despite the presence of ASLR and DEP.

They are demonstrating a secondary exploit, reliant on whatever-the-latest-exploit is.
They're talking about Java, .NET and Flash as vectors to increase the possibility of a successful attack. None of those need to have a vulnerability; they are just used to bypass the address space layout randomisation and DEP features.

From what I can gather (my programming experience is rather limited), this (secondary, since it relies on a primary exploit) exploit can be used on IE, Firefox, Safari, Opera, or any other browser that uses e.g. Java/Flash/.NET plugins. Also, the procedure looks pretty OS-independent (code would have to be rewritten, of course).
One important thing to point out though. It doesn't rely on any one specific vulnerability, but it does rely on A vulnerability (In their whitepaper they've used the ANI exploit). It's just that it bypasses the data execution prevention and address space layout randomisation features to make the exploit much, much more severe.
It was supposed to prevent this. The thing is, it's still possible to bypass Data Execution Prevention and the address space layout randomisation. Go read the PDF, you'll get the wider picture by skimming through it ;)
From the whitepaper:

In this paper we demonstrated that the memory protection mechanisms available in the latest versions of Windows are not always effective when it comes to preventing the exploitation of memory corruption vulnerabilities in browsers. They raise the bar, but the attacker still has a good chance of being able to bypass them. Two factors contribute to this problem: the degree to which the browser state is controlled by the attacker; and the extensible plugin architecture of modern browsers. The internal state of the browser is determined to a large extent by the untrusted and potentially malicious data it processes. The complexity of HTML combined with the power of JavaScript and VBScript, DOM scripting, .NET, Java and Flash give the attacker an unprecedented degree of control over the browser process and its memory layout. The second factor is the open architecture of the browser, which allows third-party extensions and plugins to execute in the same process and with the same level of privilege. This not only means that any vulnerability in Flash affects the security of the entire browser, but also that a missing protection mechanism in a third-party DLL can enable the exploitation of vulnerabilities in all other browser components.
Their technique (it appears) relies upon a primary vulnerability that would have limited effect, and uses it to the fullest extent possible (i.e., total control/pwnage)
I don't doubt the difference between DVD and Blu-Ray quality, but doesn't this sentence

Then pop it out, pop in the Blu-ray and point out all of the detail in the characters' skin that you can now make out. Average Joe might still say something like "looks the same to me", I guess, but for most people it's eye-opening...

contradict itself?
There's no way to tell, is there? ;)

I'm willing to take "flamebait" as a "playing along"-moderation, as opposed to "troll" or simply "offtopic".

If I'm right, the mods can balance the equation by moderating me up :-P
When the OS attempts to use it (which all modern OSes do) it presents the BIOS with an identification string, then the BIOS returns any specific values it has for that OS if it has used the DSDT portion of the ACPI 2.0 spec.
Yes, and Linux identifies itself as Windows. But how come Windows was presented with a proper DSDT table, and Linux not, when they both identify as the same OS?
It's not the BIOS' job to detect the OS. The OS reports what it is to the BIOS (Linux reports as "Windows"). In this case, Foxconn added checks to be sure that if Windows was reported, it wasn't actually Linux faking. If they just had passed the Windows table to Linux, everything would be fine and dandy.
Looks like their server is having problems. I set up one at apollo.kynisk.com, but it would appear that I need *other* clients too, not just myself. Feel free to try it ;)
Linux reported that it was "Windows" to the BIOS, but instead of returning the correct table for Windows, as it should, it executed a few more checks, and passed a wrong-by-default table to Linux (It didn't even have a correct checksum!)

This wasn't just "not bothering to test linux". They had checks in place to verify that you were indeed running linux, and willfully passing a defective table. When the BIOS was hacked to pass the Windows table instead, everything worked as expected.

Negligence? I don't think so...
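The checksum claim above is something anyone can verify: an ACPI table is only valid if every byte of it, checksum field included, sums to zero modulo 256. This is an added example (mine, not from the thread) in Python; build_dsdt constructs a sample table so it runs offline, and on Linux the real table can be read from /sys/firmware/acpi/tables/DSDT and passed to checksum_ok.

```python
import struct

# ACPI System Description Table header (36 bytes): Signature, Length,
# Revision, Checksum, OEMID, OEM Table ID, OEM Revision, Creator ID,
# Creator Revision. Length covers the whole table, header included.
ACPI_HEADER = "<4sIBB6s8sI4sI"
HEADER_LEN = struct.calcsize(ACPI_HEADER)  # 36


def parse_header(table: bytes) -> dict:
    """Decode the SDT header; raises if the buffer is truncated."""
    if len(table) < HEADER_LEN:
        raise ValueError("table shorter than ACPI header")
    fields = struct.unpack_from(ACPI_HEADER, table, 0)
    names = ("signature", "length", "revision", "checksum", "oem_id",
             "oem_table_id", "oem_revision", "creator_id", "creator_revision")
    return dict(zip(names, fields))


def checksum_ok(table: bytes) -> bool:
    """ACPI rule: all bytes of the table, checksum included, sum to 0 mod 256."""
    length = parse_header(table)["length"]
    if length < HEADER_LEN or length > len(table):
        return False                      # Length field does not match the data
    return sum(table[:length]) % 256 == 0


def fix_checksum(table: bytearray) -> bytearray:
    """Recompute the checksum byte (offset 9) so the table validates."""
    table[9] = 0
    table[9] = (-sum(table)) & 0xFF
    return table


def build_dsdt(aml: bytes, corrupt: bool = False) -> bytes:
    """Constructed sample DSDT for offline use; not a real firmware table."""
    length = HEADER_LEN + len(aml)
    hdr = struct.pack(ACPI_HEADER, b"DSDT", length, 2, 0, b"SAMPLE",
                      b"SAMPLE00", 1, b"TEST", 1)
    table = fix_checksum(bytearray(hdr + aml))
    if corrupt:
        table[9] ^= 0xFF                  # break the checksum on purpose
    return bytes(table)
```

A table that fails this check before the OS even interprets its AML is the kind of defect the comment describes, and it is the first thing to look at before blaming the OS's ACPI driver.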
Reality and long-time experience taught only one thing: all Microsoft is capable of is crushing anything and everyone that has the nerve to pick more than 0,000005% of their market share.
I believe it was "Justin", and the meme timeline has thoughtfully included him
I couldn't even see a ROFLcopter, which I presume is larger because it's ALL CAPS!
I lost too. It's time to start tagging slashdot stories with "thegame"...
Attaching post to right parent this time...
To keep up with the meme-meme of today... It IS September, and has been since 1993
crap, that ended up under the wrong parent somehow.
To keep up with the meme-meme of today... It IS September, and has been since 1993
There are a bunch of links to the PDF in various comments. Also links to the code. Feel free to peruse ;)
One day lad, all this will be yours.
What? The curtains?
Come and see the violence inherent in the (moderator)system!
Mod up for obvious reference ;)
Mod parent up for semi-obscure reference ;)
The BIOS was disassembled and showed exactly that. They did in fact go out of their way to NOT support linux.
Tiananmen, not Tianammen.
Yes, like Google. Or Apple. Or Firefox. Or Linux.