Apparently there’s news of an exploit that completely hoses Vista’s security and which probably can’t be fixed. Before the Microsoft-haters all start celebrating, let me make a couple of observations.
- It’s not clear whether the general approach taken might not be equally effective against other operating systems.
- The people discussing this exploit seem entirely too gleeful. Remember, you’re supposed to be good guys looking for security holes so we can fix them before bad guys take advantage of them.
“… the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”
That just doesn’t sound like a dispassionate researcher reporting significant findings that may be of concern to us all. It sounds more like someone relishing Microsoft’s discomfort, or maybe Hudson — that guy in Aliens who totally loses it.
Here’s a link to the actual paper.
Game over man.
Note: the actual researchers are quite reasonable and their paper is entirely aimed at helping Microsoft and other vendors improve their platforms’ security. The guy I was quoting was “popular security researcher” Dino Dai Zovi. I think he’s popular because he says insane crap like that.