If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: http://www.godblock.com/#what "block sexual, and psychologically harmful material" like "holy texts". Protect "from being indoctrinated"
- wishinet: Load average: 23.69 20.11 14.95 - jepp, this is obviously bad.
- wishinet: http://img2.moonbuggy.org/imgstore/ethernet-killer.jpg
- wishinet: According to my 400d stats the most viewed page at my blog is phpids's xss warning. You can do better! :)
- wishinet: I'm super-hungry after some meditation... guess this isn't normal. :-) 0xf000000d
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
ASLR FAIL?
Tue, 08/12/2008 - 07:38 | wishi
txtBetter Heap Management? Is that so?You know: I personally like the Vista GUI because it's a little darker and more elegant than XP. I'm doing some Reversing with IDA, Ollydbg, SoftICE - and a little eye-candy is never wrong. So I thought Vista is good for you. New user separation like sudo, 64 Bit with device drivers on a MacBook (needs some tricks). And you can debloat it. Working without THE professional (proprietary) software sometimes is impossible, while earning money with IT.
Actually, I read that most developers ignore Vista's new security features - because they're too complex. I'm currently doing some research in Visual C# - just because I'm interested - and I found out that it's definitely not too complex. If there's a high level API to call out of a C# program to use ASLR functions to allocate securely - that seems fine. or seemed.
Now Blackhat Con brought something HUGE. Sometimes people say Schneier is overrated, but even he declares this being "huge".
In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.
If that's deep and true - MS invested 100 Million bucks in nothing. If that's true, Vista is a complete failure, technically, and for the whole Microsoft community.
Post new comment