Network Security Focus-Microsoft

RE: How can this happen with Windows Vista?

Subject: RE: How can this happen with Windows Vista?
Date: Thu, 28 Sep 2006 19:25:05 -0400
Okay, can you please explain to me exactly what this thing is doing that a
user couldn't do himself/herself? How do you expect the operating system to
differentiate a user opening a socket and joining an IRC channel from an
automated file doing the same thing? 

You note that there is no virus protection on the machine and then criticize
that your virus-like theoretical activity wasn't prevented. Second, you say
that you would send this to a "galoot" via e-mail. Have you actually
attached this thing to an e-mail and sent it? You know, of course, that many
e-mail clients would strip such an attachment, as would many servers if the
file contained an actual virus.

I also note that you're not identifying anything that is happening that
should be prevented by the operating system. The OS should allow a user to
write to his/her own profile and HKCU (and it's Microsoft, not Mircosoft.
;-) ). You tested on a build that has been superseded not once, but twice
now (Vista is at RC1 and you tested on B2), but still, I'm not getting
exactly what you think the issue here is. Your testing didn't include any
actual compromise of the operating system, nor did you perform any testing
of code/commands that should have been *blocked*. You simply did the
equivalent of what a user could do in the course of normal activity. Saying
that this could be "exploited" is not the same as proving that it could, and
I don't see anything indicating that you proved such. Why don't you put this
in an isolated environment and attempt to construct a DoS attack based on
your "pseudo-trojan"? You might find yourself surprised. :-)

Laura

-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of gerrit.lehr@gmx.de
Sent: Thursday, September 28, 2006 3:53 PM
To: focus-ms@securityfocus.com
Subject: How can this happen with Windows Vista?

Hello,


I wrote a little article about how easy it was for me to 
create a "pseudo trojan" which uses a freshly installed Windows
Vista with all recommended Security Essentials turned on and 
a User Account without administrative privileges as a part of 
a botnet for Spam or even DDoS attacks. I would like to 
discuss why it is still so easy to exploit a Vista system 
like this and what you think about it.


Best Regards

Gerrit


http://www.texo-design.de/Vista.pdf
