Confidence
"It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."
That’s what you think...
Software buried in Windows since the days of WinXP can be abused to take complete control of a PC with the help of good ol' Notepad and some crafty code. On Tuesday, ace bug-hunter Tavis Ormandy, of Google Project Zero, detailed how a component of the operating system's Text Services Framework, which manages keyboard layouts …
Shame they dissolved the Trustworthy Computing Initiative team before they ran a modern source code vulnerability scanner over ALL the code that goes into shipping versions of Windows. Of course the NSA has source code access along with several other three letter agencies. Funny they didn't mention it.
Of course looking at XP era material with a code profiler is like looking at a Vegas motel room under a strong blacklight. Some things cannot be unseen.
Shame they dissolved the Trustworthy Computing Initiative team before they ran a modern source code vulnerability scanner over ALL the code that goes into shipping versions of Windows
Yes. Such as Microsoft's own static-analysis scanner, which is a near-state-of-the-art hybrid of simulated execution and symbolic analysis. (There was a good paper on it from Microsoft Research in CACM a few years back.) Data tainting and data flow analysis find this sort of thing easily in cases like this, where, as Ormandy wrote, there's simply no validation.
They have the technology. They have the resources. They just don't have the will.
Why should they check their OWN code for vulnerabilities? They have the CUSTOMERS as BETA TESTERS now!!!
what a massive challenge that complexity presents Microsoft's engineers from a security standpoint.
Not THAT massive. Back in the mid 2000s they should have done THIS instead of Vista:
a) audit every line of code using their massive programming staff, instead of "re-re-inventing" windows [with the exception of the vulnerable parts]
b) NOT re-re-invent it for Windows "Ape" (8) nor Win-10-nic, but INSTEAD audit the HELL out of EVERYTHING, looking for basic vulnerabilities.
You have to think like a thief, applying crowbars, hammers, and chemicals to locks. You can't "just assume" anything about marshalling. You have to check EVERY buffer length, even for trivial stuff.
strcpy(buffer, "string") - no!
strncpy(buffer,"string",sizeof(buffer)) <-- better
(you never know whether or not a buffer overflow might cause that static string pointer to be altered)
That being said, MICROSHAFT WASTED A DECADE AND A HALF of WALL TIME to re-re-re-re-invent windows into the PILE OF CRAP it is today!
And oh, they left some serious OLD vulnerabilities in it, too... from a time when they wanted EVERYTHING insecurely interacting with EVERYTHING, and wanted ActiveX to be a MAJOR part of web pages! Pretty clueless, yeah.
icon, because, facepalm
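The commenter's strcpy/strncpy point, worked through as an added example (not code from the comment, the article, or any Windows API). It assumes a fixed-size destination buffer and shows the caveat a reviewer would raise: strncpy bounded by sizeof(buffer) stops the overflow but leaves the buffer without a terminator when the source fills it exactly, so the safer idiom is a copy routine that always terminates and reports truncation. bounded_copy and strncpy_terminated are names chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dst_size), always writing a NUL terminator.
 * Returns true if the whole string fit, false if it had to be truncated.
 * Example helper written for this illustration, not a library function. */
bool bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return false;

    size_t len = strlen(src);
    if (len >= dst_size) {
        /* Source does not fit: keep what fits and terminate. */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return false;
    }
    memcpy(dst, src, len + 1);   /* +1 copies the terminator */
    return true;
}

/* The strncpy pitfall: strncpy(dst, src, dst_size) never overflows dst,
 * but if strlen(src) >= dst_size no NUL is written at all.
 * Returns true only if dst ends up NUL-terminated within dst_size. */
bool strncpy_terminated(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

int main(void)
{
    char buf[8];   /* constructed fixed-size buffer for the demo */

    /* A short string fits either way. */
    printf("bounded_copy short: fit=%d text=\"%s\"\n",
           bounded_copy(buf, sizeof buf, "short"), buf);

    /* A long string is truncated but the result is still a valid C string. */
    printf("bounded_copy long:  fit=%d text=\"%s\"\n",
           bounded_copy(buf, sizeof buf, "this is too long"), buf);

    /* strncpy with an 8-char source into an 8-byte buffer: no terminator. */
    printf("strncpy exact fill terminated: %d\n",
           strncpy_terminated(buf, sizeof buf, "12345678"));
    return 0;
}
```

The check that matters for review is the second return value: a caller that ignores it silently loses data, and a caller that ignores the strncpy case hands an unterminated buffer to the next strlen or printf, which is a read overrun waiting to happen.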
Long before Mac OSX became a thing, I used to say that MS should grab FreeBSD, and rewrite windows as a GUI, and include a compatibility layer for win32 stuff.
Of course, Gates being the "shove the OS into the GUI" kind of guy, they went the NT route instead, then Mac OSX more or less did it instead.
not without using a browser exploit first anyway
Well, problem solved! Or not. (Of course, with many users running browsers with elevated privileges in the first place, once that browser exploit is available there's no need to elevate.)
In any case, this "the attacker has to be able to run unprivileged code first" mitigation is not nearly as useful as some people seem to think. It provides no defense against insider attacks. It provides none against social engineering. Against malware in the software supply chain. And so on.
Not at all. Google want you to use its Web or Cloud applications instead, which is why there is no native Calendar app, and only a basic Contacts application shipped with Android. Phone makers often add their own, but they are very rarely compatible with those supplied by the other phone makers.
(Using the Web based apps also ensures that you keep data services on so that your device is trackable, as well)
I look back at the baked in set of applications that used to be in PalmOS with a great deal of fondness. Always there, always work the same, always compatible with the last PalmOS device you owned.
Modern Android BlackBerries come with a decent set of things, far better than Google imho. Always there, very compatible with Exchange, iMap etc. You can pay for them on any other Androids too.
Whether I'm doing science, engineering or business, I've found my breadcrumb trails invaluable at keeping track of the various avenues I've pursued. Forgetting is not desirable, especially in cases where lives are involved. Not true for most, though. That it often saves time and money.... So, saving my scribbles is ... nice.
Aside: to the send myself an email suggestion, no way am I sharing. Hell, good luck Google, et al., getting a look at my device, even.
If you're involved in safety critical areas and yet have a memory so bad you have to write yourself post-it style notes then please tell us what these areas are so we can avoid anything you've been involved in. Either write proper documentation or don't bother with the task at all.
The thing is, Notepad was just used as a demo. The flaw isn't in Notepad itself, but what it must connect to on the inside to function. Windows is full of cruft and is more like an old building with many little empty spaces in it - a fire hazard. The "new and improved" Windows has brought forward much of the "old and fscking" Windows. I wouldn't be surprised to see things from Windows 95 in there.
Whereas given the amount of things Emacs *can* do (#), you'd not only be surprised if it *couldn't* be used for an exploit, you'd expect it to already include an in-built exploit mode (alongside M-x kitchen-sink-simulator).
(#) Its only major omission being a decent text editor. (Sorry, but as a vi user, that ancient joke is practically obligatory...:-) )
Did you not get any of the earlier registering memos on the meme*? ........ Words Create, Command and Control and Destroy Worlds ........ and that can easily be turned on and tuned in to terrifying in a whole myriad of consequential existential extremes.
And without them are you no more than dumb ignorant savages to be herded and entertained/employed and enjoyed as animals appropriate to the whims of SMARTR Connected Virtual Machines?
I insist it has been around through every version of Windows back to at least Win98; yet I keep getting told that is impossible.
Yeah right.
I propose El Reg has a competition; a full set of Vulture gear to the person who turns up the oldest code found in the latest Win10 build.
Us greybeards know how multitasking OSes actually work - by cycling through a message loop deep, deep, deep inside the actual silicon. At that level, the OS trusts - *has* to trust - that the queue of commands has been legitimately created.
It is possible to secure a message loop against hacking - by signing every message with the key of the process that inserted it. But we prefer performance to security.
It was probably there in Windows 1.0
I've made this comment thousands of times over the years, to no effect whatsoever in corporate policy, but Windows - even the latest version - is insecure by design. Because at the most fundamental level in its kernel, it still expects there to be one user. Which didn't make much sense in the 80s, as multi user systems were already up & running.
So 35 years on, and we've arrived at a situation where the safest way to contain Windows is in a VM somewhere that can't break out. The VM itself (of course) won't be running on Windows.