|
Security Researcher Warns of Vista Vulnerabilities |
|
|
Written by Daniel
|
|
Monday, 25 August 2008 |
|
Security Researcher Warns of Vista Vulnerabilities Ulrika Hedquist, Computerworld New Zealand Online Monday, August 25, 2008 7:28 AM PDT
A New Zealand security researcher is exploring several scenarios in which Windows Vista could be attacked and warns more protection is needed for users.
Ben Hawkes presented his findings at the Black Hat conference, held in Las Vegas this month, and will also present them at the Kiwicon conference, to be held in Wellington in the end of September.
Hawkes' research has uncovered hacking techniques for attacking the Vista heap, which is a dynamic memory management component, used by every single application, from Microsoft Word to web applications, he says.
There is a type of bug in these applications called the memory corruption bug, he says. Historically, these bugs have been a fairly severe security problem because people could turn them into arbitrary code execution -- allowing attackers to run code, for example a back door or keylogger, says Hawkes.
Microsoft is trying to prevent malicious hackers from targeting memory corruption. When it introduced Windows Vista, it also introduced several security enhancements to the operating system, Hawkes says. But more protection is needed.
Hawkes was in touch with Microsoft two weeks before Black Hat, sending the company a copy of his slides and presentation called "Attacking the Vista heap."
"They were quite interested in my research and passed it around internally to a few select people," he says.
Hawkes got a little bit of feedback from the software giant, generally positive.
"I had a fairly good experience," he says.
He is not sure what Microsoft's next steps will be to deal with this issue. [PCWorld...] [Comments...] |
