Full Disclosure mailing list archives
Re: [funsec] Vista Protected Processes Bypassed
From: Valdis.Kletnieks () vt edu
Date: Sun, 08 Apr 2007 13:41:13 -0400
On Sun, 08 Apr 2007 12:07:47 EDT, C Q said:
Overall, it's not really worse than what you'd have with XP... I'm not a big fan of Vista, but this is definitely not what people make it to be.
That protection bit isn't what people make it to be either, which is the whole point. Quite often, the *real* security issue is that the protection a given feature *actually* provides by design isn't the security that people *think* it provides. For example, some of us may remember a while ago, when there was a whole flurry of activity regarding TCP sequence numbers and RST packets. Turned out that in fact, TCP has *always* worked that way, in that an RST doesn't have to match exactly, it only needs to be inside the window. When RTT*bandwidth products were low and windows were small, in a 2**32 sequence space, the distinction between "match" and "within 16K" was easily overlooked. The community just needed a slap upside the head, because with multi-megabyte windows on today's high-speed links, the distinction *is* important....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vista Protected Processes Bypassed Randall M (Apr 07)
- Re: Vista Protected Processes Bypassed scott (Apr 07)
- Re: [funsec] Vista Protected Processes Bypassed C Q (Apr 08)
- Re: [funsec] Vista Protected Processes Bypassed Valdis . Kletnieks (Apr 08)
- Re: [funsec] Vista Protected Processes Bypassed Fernando Gont (Apr 08)
- Re: [funsec] Vista Protected Processes Bypassed Valdis . Kletnieks (Apr 08)
- Re: [funsec] Vista Protected Processes Bypassed C Q (Apr 08)