Full Disclosure mailing list archives
RE: April 1st is here (joy). now improved
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 1 Apr 2004 15:43:24 +0200
I think this posting shows the far superior way Windows prevents security issues like this. As the name says, it does not intend to allow you open access to the garden (which becomes even more sophisticated once TCPA is there...). With Windows, you obviously stay in-house and watch the carrots through... right, a Window! So as you do not have physical access to them, a root compromise is reliably prevented. I think this is also the primary reason that ActiveX - by its very core design - does not require a sandbox to be secure. Or have you ever seen a sandbox inside a house? As you can see, openness has its disadvantages ;)

Rainer

Well if we are into folly anyway :-)

FEAR!FEAR!FEAR!********!ADVISORY!***********FEAR!FEAR!FEAR!

Security Advisory No 0x454564af

We have discovered a serious security hole after OpenBSD 3.4 default install! After successful installation, we proceeded to the garden. There we grabbed a carrot and pulled firmly. And whoa, instant root access! We never thought it would be this easy. Really, these sorts of incidents should be prevented.

Due to the very serious nature of this bug, we will not disclose PoC at this time, esp because the root has already been consumed.

For details visit our homepage http://www.iamanidiot.com/

******************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html