Hacker Bypasses Windows 7/8 Address Space Layout Randomization
hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space."
Re:the only thing Microsoft and others can do is.. (Score:5, Insightful)
Re:TLDR (Score:2, Insightful)
Not only that but the point of ASLR is to randomly locate system DLLs, not some evil hacker code. This does nothing to break the intended use of ASLR.
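The loader only randomizes a module that asks for it: on Windows 7/8 a DLL is relocated to a random base only if its PE header sets IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (and still carries relocations); otherwise it lands at its preferred ImageBase, which is exactly the kind of known address the parent thread is about. As an added example (not from the Slashdot thread or from KingCope's writeup), here is a small PE-header parser a defender can run over the DLLs on a box to find modules that opted out; `make_test_pe` builds a constructed, non-loadable header so the script runs offline, and the flag values are the ones from the PE/COFF specification.

```python
import struct

# DllCharacteristics / COFF Characteristics flag values from the PE/COFF spec.
DYNAMIC_BASE = 0x0040      # module may be relocated by the loader (ASLR opt-in)
HIGH_ENTROPY_VA = 0x0020   # 64-bit image can use the full address space
NX_COMPAT = 0x0100         # DEP compatible
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: no relocation data

def pe_aslr_info(data: bytes) -> dict:
    """Read the PE headers of `data` and report whether the module opts in to ASLR."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header
    file_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                     # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)
    return {
        "image_base": image_base,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        # Without the opt-in flag, or without relocations, the loader maps the
        # module at its preferred ImageBase, i.e. at a known address.
        "predictable_base": (not dynamic_base) or relocs_stripped,
    }

def make_test_pe(dll_characteristics: int, image_base: int = 0x10000000) -> bytes:
    """Constructed sample: a minimal PE32 DLL header (not loadable) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)  # i386 DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

To audit a real system, read each DLL with `open(path, "rb").read()` and feed it to `pe_aslr_info`; any module reporting `predictable_base` is one ASLR will not move.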
Re:ASLR? More like ASLnotsoR. (Score:0, Insightful)
MOD PARENT DOWN.
You have no fucking idea what you are talking about.
There's no hardware involved in malloc(3), it isn't even a syscall.
It's people like you who come up with shit like this:
http://use.perl.org/use.perl.org/_Aristotle/journal/33448.html
Please don't ever write any code again.
Re:the only thing Microsoft and others can do is.. (Score:5, Insightful)
Unnecessary. Absolutely no advantage over just keeping updated and running as non-admin. It's the type of thing people who don't understand security do and then get MITMed without even noticing.
ASLR is not so easy to bypass (Score:5, Insightful)
You're right that it boils down to just looking up the address, but see, this is a chicken-and-egg problem. You're wanting to determine addresses so you can run code, but you must run code in order to look up addresses!
You might as well say that it is easy to get a dinosaur and a dinosaur egg. To get the dinosaur, just wait for a dinosaur egg to hatch. To get the dinosaur egg, just wait for a dinosaur to lay one. Problem solved, right???
Re:the only thing Microsoft and others can do is.. (Score:0, Insightful)
Oh yeah, Mr $hill. Thanks for regurgitating "all operating systems are at least as shitty as Windows". Now bring on the statistics. So far, everybody in the know thinks it is quite the opposite. Windows is the worst piece of shit, from a security perspective. And that is not just because of number of lines of code, but because it is anti-modular, full of half-baked, undisciplined and generally shoddy design decisions.
Windows has always been designed by "feature list", and that means it is an overly complex mess even the Micro$hafters don't completely understand. Most Unix-like OSes are much better modularized and that means they have much less potential for dangerous failure modes.
Here are some examples: A bitmap parser inside the kernel (!) allowed for virus insertion via USB. A virus elevating itself to Admin mode because some M$ crappers decided that the "Guest" user should have his print jobs executed using "Admin" privileges, and the printer service process was of course the same bug-ridden shite we know from M$. Ask the Iranians (and probably 75 other nations) how they liked that great feature of Windows when StuxNet used it.
I could go on to tell war stories about Oracle software, which is poisonous vomit if M$ software is shit, but I will spare you that. Suffice to say you better run FOSS-only stacks: Perl, PostgreSQL, Linux, BSD, evince and so on. Commercialware is like a can of worms you can't even inspect before you eat it, because the "deal" is that you have to turn off the lights before eating. Bon appétit!