"Shattering Windows"
-
Colin^Davies wrote: this is a serious security flaw in windows It is security flaw in the 3rd party software vendor who did not follow MS recomendation about services. Martin -------------------------------------------- C'mon we all know computers are experimental devices and should only be used for playing games. Using them for alternative stuff like business, is clearly not using them for what they are intended. Colin Davies
Yes but how many other vendors have made the same flaw as Network Associates, I suggest it's probably very common over shared applications. Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
-
Man, this sort of thing makes me want to hunt down and kill all Linux and leet kiddies out there. Slashdot can really make my blood boil at time... Don't Linux evangelists realise that their whole anti-MS and anti-anyone-that-isn't-a-techie attitude hold Linux back? Constant slagging of "dumb users" by the Linux community puts people off wanting to use it in the first place. Still, I expect many Linux apologists would prefer it that way!
I'm a reasonable man, get off my case.
Robert Edward Caldecott wrote: this sort of thing makes me want to hunt down and kill all Linux and leet kiddies out there I know exactly how you feel! Robert Edward Caldecott wrote: Slashdot can really make my blood boil at time... MS evangelists/apologists have the same effect on me too :) Robert Edward Caldecott wrote: Don't Linux evangelists realise that their whole anti-MS and anti-anyone-that-isn't-a-techie attitude hold Linux back? I don't think MS would mind the Linux crowd holding linux back because of their own attitude... Linux is for tech/advanced users. Anyone pretending it's not is naive. Which is also why I don't see Linux getting a foothold in the desktop market. Windows is friendly and easy to use and who'd want to change. The "Linux community" slagging of "dumb users" may be elitist but hey, if you can't stand the heat get out of the kitchen. bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
-
Yes but how many other vendors have made the same flaw as Network Associates, I suggest it's probably very common over shared applications. Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
It might be a common problem, but it is not an issue of MS software, that's a big difference. Problem is, that Windows is multipurpose OS, you can set it up as very secure or as absolutely insecure system. Unfortunately you would not be able to run many application in very tight secure environment (e.g. you cannot debug programs). Therefore by default installation of Windows does not produce secure system at all. Martin -------------------------------------------- C'mon we all know computers are experimental devices and should only be used for playing games. Using them for alternative stuff like business, is clearly not using them for what they are intended. Colin Davies
-
http://slashdot.org/article.pl?sid=02/08/06/1828256&mode=thread&tid=172[^] Yeesh, leave it to slashdot's posters to make something out of nothing if it gives them the ability to say "Linux is better." Espescially problems like this, when it is NOT Microsoft's fault, it's the fault of some idiot vendor.. And this[^] idiot that wrote his 'paper'... Read the 'about' link at the bottom of that page. If he has to dig _that_ far to find a bug in windows, he must not be as good as he thinks. :-) evilpen dot net :: gpg public key (ascii-armored)
Sorry, but I do agree with the man , it's old statements that Microsoft should had corrected a long time ago . Even the 3d party didn't followed the Microsoft Services recommendation, it's nevertheless a security flaw ... Microsoft as is thrustworthy computing initiative should fix asap this behaviour ... is becoming too old and too embarassing ... Escalation of privileges is not a acceptable thing . It's the same thing with CreateRemoteThread api(allows you to start a thread in another process's address space.. The other process may not even know you've done it (depending on circumstances). Supposedly, with full security turned on (off by default!) this won't violatge C2 security. ),Nimda worm anybody ? This api is plain evil and should disappear from the face of the earth ... Don't get me wrong, I'm not a linux zealot, I prefer to code in Windows than in other platform, but in this security area Windows have to improve a lot. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
Robert Edward Caldecott wrote: this sort of thing makes me want to hunt down and kill all Linux and leet kiddies out there I know exactly how you feel! Robert Edward Caldecott wrote: Slashdot can really make my blood boil at time... MS evangelists/apologists have the same effect on me too :) Robert Edward Caldecott wrote: Don't Linux evangelists realise that their whole anti-MS and anti-anyone-that-isn't-a-techie attitude hold Linux back? I don't think MS would mind the Linux crowd holding linux back because of their own attitude... Linux is for tech/advanced users. Anyone pretending it's not is naive. Which is also why I don't see Linux getting a foothold in the desktop market. Windows is friendly and easy to use and who'd want to change. The "Linux community" slagging of "dumb users" may be elitist but hey, if you can't stand the heat get out of the kitchen. bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
Brian, I agree with you 100% (woohoo! at last! :laugh: ) but I think the Linux community is its own worst enemy at times, especially when dealing with newbies. I have ALWAYS loved Windows. When I was at college (1987-1989) I was the only one in the class that ran Windows 2.0 and used MS Write - everyone else used WordStar 2000. Doesn't mean I'd blindly follow MS over a cliff though, but Windows is a great O/S IMHO - I haven't seen a single Linux desktop that comes close, so why do they bother? Let's face it, my mum and dad will never be using it!
Ambition makes you like pretty ugly.
-
Sorry, but I do agree with the man , it's old statements that Microsoft should had corrected a long time ago . Even the 3d party didn't followed the Microsoft Services recommendation, it's nevertheless a security flaw ... Microsoft as is thrustworthy computing initiative should fix asap this behaviour ... is becoming too old and too embarassing ... Escalation of privileges is not a acceptable thing . It's the same thing with CreateRemoteThread api(allows you to start a thread in another process's address space.. The other process may not even know you've done it (depending on circumstances). Supposedly, with full security turned on (off by default!) this won't violatge C2 security. ),Nimda worm anybody ? This api is plain evil and should disappear from the face of the earth ... Don't get me wrong, I'm not a linux zealot, I prefer to code in Windows than in other platform, but in this security area Windows have to improve a lot. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
Joao Vaz wrote: It's the same thing with CreateRemoteThread api But you need quite strong access rights on target process to call CreateRemoteThread (PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, PROCESS_VM_READ). Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
-
Brian, I agree with you 100% (woohoo! at last! :laugh: ) but I think the Linux community is its own worst enemy at times, especially when dealing with newbies. I have ALWAYS loved Windows. When I was at college (1987-1989) I was the only one in the class that ran Windows 2.0 and used MS Write - everyone else used WordStar 2000. Doesn't mean I'd blindly follow MS over a cliff though, but Windows is a great O/S IMHO - I haven't seen a single Linux desktop that comes close, so why do they bother? Let's face it, my mum and dad will never be using it!
Ambition makes you like pretty ugly.
Robert Edward Caldecott wrote: Brian, I agree with you 100% Miracles do happen dude! :) Robert Edward Caldecott wrote: Windows is a great O/S IMHO *cough* Define great plz! To be honest I like Win2k. First decent MS os. Having said that, I've got three machines at home: One runs Linux Mandrake 8, another runs Solaris 8 (x86) and another dual-boots WinXP pro and Win98 (coz of some games). Shows you what kinda guy I am. Robert Edward Caldecott wrote: so why do they bother Why do some people climb mountains? Coz it's challenging I suppose. I too don't understand why some ppl believe Linux will eventually win on the desktop. Frankly it's pratically impossible. And with .Net, etc I think MS's strategy is to rule server-side too. I really do hope my dear Unix will hold its own against the evil empire :) Brian Azzopardi bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
-
Robert Edward Caldecott wrote: Brian, I agree with you 100% Miracles do happen dude! :) Robert Edward Caldecott wrote: Windows is a great O/S IMHO *cough* Define great plz! To be honest I like Win2k. First decent MS os. Having said that, I've got three machines at home: One runs Linux Mandrake 8, another runs Solaris 8 (x86) and another dual-boots WinXP pro and Win98 (coz of some games). Shows you what kinda guy I am. Robert Edward Caldecott wrote: so why do they bother Why do some people climb mountains? Coz it's challenging I suppose. I too don't understand why some ppl believe Linux will eventually win on the desktop. Frankly it's pratically impossible. And with .Net, etc I think MS's strategy is to rule server-side too. I really do hope my dear Unix will hold its own against the evil empire :) Brian Azzopardi bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
Brian Azzopardi wrote: Miracles do happen dude! Actually, I lied - I had already agreed with a comment you made about shooting birds - but I didn't reply 'cos it was too late in the day for me to await a response! :) Brian Azzopardi wrote: To be honest I like Win2k OK, NT4 was good, but Win2K it the definitive version. I just fell in love with the GUI concept pretty much straight away - I wish I still hasd a copy of Windows 2.0 for purely nostalgic reasons. he he. Brian Azzopardi wrote: really do hope my dear Unix will hold its own against the evil empire Me too. The company I work for chose Unix as their main platform back in the mid-80s and NT has never seriously threatened it. For servers, Unix is more reliable, uses less resources and can cope with far more users than NT can. We have had a number of large customers who decided they wanted to go MS all the way, only to relent once they realised the O/S wasn't up to it. Windows on the desktops, Unix on the servers. A winning combination methinks.
Kicking, squealing Gucci little piggy.
-
Joao Vaz wrote: It's the same thing with CreateRemoteThread api But you need quite strong access rights on target process to call CreateRemoteThread (PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, PROCESS_VM_READ). Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
And so what ? Nimda for instante created a guest account on windows registry, elevated the privileges to administatives ones and called CreateRemoteThread ... a piece of cake don't you think ? It's dangerous to have such api to mess around in a invisible way to target process and that permits the arbitrary spawing of threads and threads contexts like using other infamous GetThreadContext/SetThreadContext that opens a road to interesting programs and applications ...like thrashing the target proceess,passing some *good* address to the process handle, dll hijacking with malicious code and other some goodies that are available on this wonderfull net or books :-) Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
And so what ? Nimda for instante created a guest account on windows registry, elevated the privileges to administatives ones and called CreateRemoteThread ... a piece of cake don't you think ? It's dangerous to have such api to mess around in a invisible way to target process and that permits the arbitrary spawing of threads and threads contexts like using other infamous GetThreadContext/SetThreadContext that opens a road to interesting programs and applications ...like thrashing the target proceess,passing some *good* address to the process handle, dll hijacking with malicious code and other some goodies that are available on this wonderfull net or books :-) Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
Joao Vaz wrote: Nimda for instante created a guest account on windows registry, elevated the privileges to administatives ones and called CreateRemoteThread ... a piece of cake don't you think ? It is a piece of cake. But - if you're alread an administrator, you don't have to use subtle methods like CreateRemoteThread. You can just format disk or destroy the registry :) BTW: how Nimda elevated its privs? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
-
Brian Azzopardi wrote: Miracles do happen dude! Actually, I lied - I had already agreed with a comment you made about shooting birds - but I didn't reply 'cos it was too late in the day for me to await a response! :) Brian Azzopardi wrote: To be honest I like Win2k OK, NT4 was good, but Win2K it the definitive version. I just fell in love with the GUI concept pretty much straight away - I wish I still hasd a copy of Windows 2.0 for purely nostalgic reasons. he he. Brian Azzopardi wrote: really do hope my dear Unix will hold its own against the evil empire Me too. The company I work for chose Unix as their main platform back in the mid-80s and NT has never seriously threatened it. For servers, Unix is more reliable, uses less resources and can cope with far more users than NT can. We have had a number of large customers who decided they wanted to go MS all the way, only to relent once they realised the O/S wasn't up to it. Windows on the desktops, Unix on the servers. A winning combination methinks.
Kicking, squealing Gucci little piggy.
Robert Edward Caldecott wrote: had already agreed with a comment you made about shooting birds U read that post? Hehe. What did u think of it? Don't worry, i just wanna know what u think. I have no intention of reviving (or should that be resurrecting) that thread. bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
-
http://slashdot.org/article.pl?sid=02/08/06/1828256&mode=thread&tid=172[^] Yeesh, leave it to slashdot's posters to make something out of nothing if it gives them the ability to say "Linux is better." Espescially problems like this, when it is NOT Microsoft's fault, it's the fault of some idiot vendor.. And this[^] idiot that wrote his 'paper'... Read the 'about' link at the bottom of that page. If he has to dig _that_ far to find a bug in windows, he must not be as good as he thinks. :-) evilpen dot net :: gpg public key (ascii-armored)
It is somewhat of a serious problem. But MS can't fix it without a total re-write. It is a legacy issue. Tim Smith "Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather that part of the solution." Hoare - 1980 ACM Turing Award Lecture
-
http://slashdot.org/article.pl?sid=02/08/06/1828256&mode=thread&tid=172[^] Yeesh, leave it to slashdot's posters to make something out of nothing if it gives them the ability to say "Linux is better." Espescially problems like this, when it is NOT Microsoft's fault, it's the fault of some idiot vendor.. And this[^] idiot that wrote his 'paper'... Read the 'about' link at the bottom of that page. If he has to dig _that_ far to find a bug in windows, he must not be as good as he thinks. :-) evilpen dot net :: gpg public key (ascii-armored)
There's an article dated 1997 on MSDN about this very issue. ------- signature starts "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 Please review the Legal Disclaimer in my bio. ------- signature ends
-
Robert Edward Caldecott wrote: had already agreed with a comment you made about shooting birds U read that post? Hehe. What did u think of it? Don't worry, i just wanna know what u think. I have no intention of reviving (or should that be resurrecting) that thread. bibamus, edamus, cras moriemur
[eat, drink, for tomorrow we die]
Ummm ... without searching for it, I can't remember all the details, other than I was pro-Paul! :) I'm an idealist remember? ;P As for your "shooting birds" comment ... I think that killing any animal for "fun" or in the name of "sport" is a crap thing to do. Yes, I eat meat, but there it a big difference between eating animals and killing them yourselves for the hell of it! (besides, I'd happily become a vegetarian if it wasn't for chicken - I could never give up Chicken Tikka Massalla! Slurp). Anyway, I'm sure you know where I'm coming from here...
That's it Sir, you're leaving. The crackle of pigskin. The dust and the screaming, the yuppies networking.
-
http://slashdot.org/article.pl?sid=02/08/06/1828256&mode=thread&tid=172[^] Yeesh, leave it to slashdot's posters to make something out of nothing if it gives them the ability to say "Linux is better." Espescially problems like this, when it is NOT Microsoft's fault, it's the fault of some idiot vendor.. And this[^] idiot that wrote his 'paper'... Read the 'about' link at the bottom of that page. If he has to dig _that_ far to find a bug in windows, he must not be as good as he thinks. :-) evilpen dot net :: gpg public key (ascii-armored)
Ok, even being fair to MS and all, this seriously does suck ass. And, yeah, it's been around forever; see where not talking about it has brought us? Someone working on the original Win32 design *could* have said things like "er, maybe having WM_TIMER pass in a callback pointer & then blindly jumping to it isn't such a hot idea after all" (seriously; does anyone actually use this? why?). For that matter, even back in the dark ages that were 1990, we had ways of communicating with controls besides sending them messages; MS *could* have gone another way with it. But, in all honesty, this is something that never would and probably never will happen, at least large scale, to classic native Win32 GUI apps. MS has come to be where it is today by choosing compatibility over "the right way" when the choice is presented; there's no doubt we love them for it - i'm still dealing with code that was written originally for 16-bit MFC! Oh, and about that "idiot vendor"; yeah, it's their fault, not Microsoft's. But MS essentially played the role of the person placing a small sign next to a large hole he's just dug in a major highway; they are not entirely without blame...
---
Shog9 If I could sleep forever, I could forget about everything...
-
Joao Vaz wrote: Nimda for instante created a guest account on windows registry, elevated the privileges to administatives ones and called CreateRemoteThread ... a piece of cake don't you think ? It is a piece of cake. But - if you're alread an administrator, you don't have to use subtle methods like CreateRemoteThread. You can just format disk or destroy the registry :) BTW: how Nimda elevated its privs? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
Tomasz Sowinski wrote: It is a piece of cake. I used this expression in a sarcastic way, but there isn't any scarmasm icon on CP (hint,hint,hint) Nimda used a lot of windows *features* in a smart way ;) check the technical details beginning at slide 21 Nimda details[^] CreateRemoteThread is a useful api, but too damn powerfull and dangerous. But since it could break some nice software systems that use this technique to attach a debugging or hook systems, it all resumes to money ... For instance in Programming Windows,4th by Jeffrey Ritcher and Debugging Applications by John Robbins, they use this api to do interesting things in a good way, but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
Tomasz Sowinski wrote: It is a piece of cake. I used this expression in a sarcastic way, but there isn't any scarmasm icon on CP (hint,hint,hint) Nimda used a lot of windows *features* in a smart way ;) check the technical details beginning at slide 21 Nimda details[^] CreateRemoteThread is a useful api, but too damn powerfull and dangerous. But since it could break some nice software systems that use this technique to attach a debugging or hook systems, it all resumes to money ... For instance in Programming Windows,4th by Jeffrey Ritcher and Debugging Applications by John Robbins, they use this api to do interesting things in a good way, but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
-
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
Tomasz Sowinski wrote: Now I'm going to make a headlines with my own worm LOL :-) Tomasz Sowinski wrote: Any references? http://world.std.com/~jmhart/critcom.htm[^] http://www.lambdacs.com/cpt/FAQ.html[^] this a kind of security forum , place a search on the page for CreateRemoteThread, and delight yourself with dll injection and running the evil code in the firewall process due to the wonderfull CreateRemotethread http://www.dslreports.com/forum/remark,3191090~root=security,1~mode=flat~start=60[^] and check the ultimate technique of dll injection on firewall process :-) http://www.unixwiz.net/backstealth/[^] This make you think, doesn't it ? :~ Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
http://www.dslreports.com/forum/remark,3191090~root=security,1~mode=flat[^] The post that describes the order of the win32 apis involved in the process of Backstealth Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
It is somewhat of a serious problem. But MS can't fix it without a total re-write. It is a legacy issue. Tim Smith "Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather that part of the solution." Hoare - 1980 ACM Turing Award Lecture
Tim Smith wrote: It is somewhat of a serious problem. But MS can't fix it without a total re-write. No, I don't think it is unfixable. The Problem is the behavior of the standard window proc on WM_TIMER messages. MS could change this behavior to not call a supplied function pointer. Sure this might break some old applications but this is a small price and easy to fix by software vendors. There is even a compatibility mode possible which has to be set by a privileged user for selected applications. But there might be many more places where such flaws are present... Oliver Anhuth