01:54 pm, 2 Apr 07

security continues to be hard

I hang out with a guy who knows tons about security and he occasionally forwards me interesting stuff:

1) Apparently the Windows .ani bugs weren't completely fixed, and the new one even manages to evade all the protections built into Vista. I feel sorta bad for whoever screwed this up because I'm sure they're getting plenty of criticism already, but it's pretty surprising to me that the entire module wasn't reviewed when the last exploit came out. Maybe it's naive of me (maybe there's a lot of code to review?), but you'd think you could at least check all values that come in from an external file to be sure they're the size you expect.
(The Metasploit blog goes into detail on how this can exploit Vista.)
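The size check item 1 asks for, as an added example (not code from this post or from the Windows .ani loader): a C routine that loads one RIFF-style chunk into a fixed buffer and rejects any length field that does not match the header size it expects or is not backed by bytes actually present in the file. Assumed here: the 4-byte id / 4-byte little-endian length chunk layout and a 36-byte header, both chosen to mirror the .ani format but not taken from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ANIH_SIZE 36u  /* assumed fixed size of the header chunk we are willing to load */

enum chunk_status { CHUNK_OK, CHUNK_BAD_ID, CHUNK_BAD_LENGTH, CHUNK_TRUNCATED };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Load the chunk at file[off..] (4-byte id, 4-byte little-endian length, payload)
 * into a fixed ANIH_SIZE buffer. The length field comes from the file, so it is
 * trusted for nothing: it must equal the struct size we expect AND be backed by
 * that many bytes actually present, otherwise the chunk is rejected. */
enum chunk_status load_chunk(const uint8_t *file, size_t file_len, size_t off,
                             const char id[4], uint8_t out[ANIH_SIZE]) {
    if (off > file_len || file_len - off < 8) return CHUNK_TRUNCATED;
    if (memcmp(file + off, id, 4) != 0) return CHUNK_BAD_ID;
    uint32_t len = read_le32(file + off + 4);
    if (len != ANIH_SIZE) return CHUNK_BAD_LENGTH;        /* larger would overflow `out` */
    if (file_len - off - 8 < len) return CHUNK_TRUNCATED;  /* shorter would read past the file */
    memcpy(out, file + off + 8, len);
    return CHUNK_OK;
}

/* Build a constructed sample file in `buf`: one "anih" chunk whose header claims
 * `declared_len` bytes but which is actually followed by `present` payload bytes.
 * Returns the total file length (0 if it does not fit in `cap`). */
size_t make_sample(uint8_t *buf, size_t cap, uint32_t declared_len, size_t present) {
    if (cap < 8 + present) return 0;
    memcpy(buf, "anih", 4);
    buf[4] = (uint8_t)declared_len;         buf[5] = (uint8_t)(declared_len >> 8);
    buf[6] = (uint8_t)(declared_len >> 16); buf[7] = (uint8_t)(declared_len >> 24);
    memset(buf + 8, 0x41, present);  /* filler payload, content irrelevant here */
    return 8 + present;
}

/* Parse a constructed file with the given declared/actual sizes and report the outcome. */
enum chunk_status check_sample(uint32_t declared_len, size_t present) {
    uint8_t file[8 + 64];
    uint8_t hdr[ANIH_SIZE];
    size_t n = make_sample(file, sizeof file, declared_len, present);
    return load_chunk(file, n, 0, "anih", hdr);
}
```

A well-formed chunk (declared 36, 36 present) loads; a header claiming 4096 bytes is refused before any copy, and a header claiming 36 bytes in a file that only carries 10 is refused as truncated.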

2) Heap Feng Shui in JavaScript. I haven't read it all yet, but it's pretty incredible to see the range of knowledge used here: from JavaScript to IE garbage collection to OLE memory management all the way down to the C++/assembly-fu I previously thought was the entire domain of security. Just thinking about this tiny snippet gives me the heebie-jeebies in its level-crossing: var nop = unescape("%u9090%u9090");

Every time I ask security people about the state of the world, they tell me it's getting worse and that the only answer is to not use a computer. :(