Windows Security Technology

Hacker Bypasses Windows 7/8 Address Space Layout Randomization

hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space."
  • by bigstrat2003 ( 1058574 ) on Friday January 25, 2013 @05:55PM (#42695953)
    I'm sure they're aware of that, as is anyone with a shred of knowledge about computer security (or hell, security in general). What is your point?
    by Anonymous Coward on Friday January 25, 2013 @06:16PM (#42696177)

    Not only that but the point of ASLR is to randomly locate system DLLs, not some evil hacker code. This does nothing to break the intended use of ASLR.

    There's no hardware involved in malloc(3); it isn't even a syscall.
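The point above, that ASLR randomises modules rather than an attacker's own code, hinges on a per-module flag: the Windows loader only relocates an image that carries IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE in its PE optional header, and a DLL built without it is mapped at its preferred ImageBase, i.e. at a predictable address. The following is an added example, not code from the thread or from KingCope's write-up, that a defender can run over a directory of binaries to flag modules that never opted in; the PE images it checks are constructed in memory so it runs offline.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header
DYNAMIC_BASE, HIGH_ENTROPY_VA, NX_COMPAT = 0x0040, 0x0020, 0x0100
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit


def aslr_status(data: bytes) -> dict:
    """Parse a PE image's headers and report the ASLR-relevant flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    file_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20                                            # optional header
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    # ImageBase is 8 bytes at +24 in PE32+, 4 bytes at +28 in PE32
    image_base = (struct.unpack_from("<Q", data, opt + 24)[0] if pe32plus
                  else struct.unpack_from("<I", data, opt + 28)[0])
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]     # same offset in both
    return {
        "is_dll": bool(file_chars & IMAGE_FILE_DLL),
        "pe32plus": pe32plus,
        "image_base": image_base,
        "dynamic_base": bool(dllchars & DYNAMIC_BASE),
        "high_entropy_va": pe32plus and bool(dllchars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dllchars & NX_COMPAT),
    }


def verdict(data: bytes) -> str:
    """One-line summary: does the loader get to randomise this module?"""
    s = aslr_status(data)
    if not s["dynamic_base"]:
        return "NOT relocatable: always mapped at 0x%X" % s["image_base"]
    return "relocatable" + (" (high-entropy)" if s["high_entropy_va"] else "")


def build_min_pe(dllchars, pe32plus=True, image_base=0x10000000):
    """Constructed header-only PE (no sections) used to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       240 if pe32plus else 224, IMAGE_FILE_DLL)
    opt = bytearray(240 if pe32plus else 224)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<Q" if pe32plus else "<I", opt, 24 if pe32plus else 28, image_base)
    struct.pack_into("<H", opt, 70, dllchars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

On a real system, feed `aslr_status` the bytes of each DLL under a product's install directory; any hit with `dynamic_base` False is a module that ASLR cannot protect regardless of the OS setting.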
  • by metrix007 ( 200091 ) on Friday January 25, 2013 @11:34PM (#42698395)

    Unnecessary. Absolutely no advantage over just keeping updated and running as non-admin. It's the type of thing people who don't understand security do and then get MITMed without even noticing.

  • by r00t ( 33219 ) on Saturday January 26, 2013 @04:41AM (#42699289) Journal

    You're right that it boils down to just looking up the address, but see, this is a chicken-and-egg problem. You're wanting to determine addresses so you can run code, but you must run code in order to look up addresses!

    You might as well say that it is easy to get a dinosaur and a dinosaur egg. To get the dinosaur, just wait for a dinosaur egg to hatch. To get the dinosaur egg, just wait for a dinosaur to lay one. Problem solved, right???

    Second of all, let's get something VERY clear for those that don't seem to understand how these things work, okay? ALL OPERATING SYSTEMS that would be what we consider "modern" are some of the most complex pieces of software EVER written, we are talking millions of LOC in the kernel alone and thousands of little sub-programs that ALL have to work in concert to give the user the illusion that it's all one program that "just works". Is Linux even close to immune? Not only is that a big NO, but to even suggest it is, is a symptom of what is known as "magical thinking" such as "If you buy (product X) then you will magically be safe!". We in IT have seen magical thinking used to sell everything from OSes to firewalls to routers and reality will blow holes in that lie every single time.

    So if Linux is vulnerable, why don't we see Linux attacks in the news? We do, only they are called "Android attacks", and in fact it's predicted that later in the year Android will reach the one million infected mark, which considering that Android isn't even a decade old is pretty impressive.

    Look, it's actually VERY simple, and evidence has borne this out time and time again. Criminals ARE LAZY and want to do the least amount of work for the biggest bang, so they want to go after the biggest targets to yield the most infections they possibly can. I mean writing an OS/2 virus today would probably be the most trivial thing in the world, yet you don't see anybody doing it. Why? Because the fact is even though eComStation still sells OS/2 there are too few using it to make it a juicy target. But the malware writers WILL go where the targets are. Used to be it was always Windows, then Vista bombs and everyone in the press starts talking about how Mac adoption is climbing, what happens? Mac Guardian and Mac Defender. Android phones and tablets explode in usage, what happens? Thousands of Android malware released weekly.

    So anybody who thinks their OS is gonna magically protect them from malware because "(product X) doesn't get bugs!" is merely deluding themselves with magical thinking. There are even articles that helpfully explain this and point out how switching platforms just for the sake of magical thinking (in the article OSX for Linux, but you can insert any from and to in there and it still fits) just doesn't work. Be it Linux, Mac, or Windows you can find plenty of bugs. I could spend 5 minutes and cover this page in reports of bugs for all 3; I already listed the 2 biggest Mac bugs of recent memory, TFA is a Windows bug, and just off the top of my head there was the KDE-Look theme bug and the infected Quake 3 that was served up by most repos for a year and a half on Linux. NO OS is safe, NO OS is immune, and if you are gonna claim security by obscurity is actual security you might as well run Win95 or BeOS because hey, there aren't any bugs circulating targeting those OSes either.

  • by Anonymous Coward on Saturday January 26, 2013 @01:11PM (#42701045)

    Oh yeah, Mr $hill. Thanks for regurgitating "all operating systems are at least as shitty as Windows". Now bring on the statistics. So far, everybody in the know thinks it is quite the opposite. Windows is the worst piece of shit, from a security perspective. And that is not just because of the number of lines of code, but because it is anti-modular, full of half-baked, undisciplined and generally shoddy design decisions.

    Windows has always been designed by "feature list", and that means it is an overly complex mess even the Micro$hafters don't completely understand. Most Unix-like OSes are much better modularized and that means they have much less potential for dangerous failure modes.

    Here are some examples: A bitmap parser inside the kernel (!) allowed for virus insertion via USB. A virus elevating itself to Admin mode because some M$ crappers decided that the "Guest" user should have his print jobs executed using "Admin" privileges, and the printer service process was of course the same bug-ridden shite we know from M$. Ask the Iranians (and probably 75 other nations) how they liked that great feature of Windows when Stuxnet used it.

    I could go on to tell war stories about Oracle software, which is poisonous vomit if M$ software is shit, but I will spare you that. Suffice to say you better run FOSS-only stacks: Perl, PostgreSQL, Linux, BSD, evince and so on. Commercialware is like a can of worms you can't even inspect before you eat it, because the "deal" is that you have to turn off the lights before eating. Bon appétit!

    To quote Mel Brooks: "Bullshit bullshit aaaaannnnd bullshit".

    But the "M$" bullshit is not only from fucking DOS, which hasn't even been a product for 20 damned years, but it was fucking retarded even THEN. It's just as fucking retarded as writing "Lunix" and deserves to get fucking smacked down for being stupid. And read the guy's post, dude, I'm assuming you didn't or you wouldn't be trying to apologize for him, because it was a classic FOSSie douchebag rant, no different than the douchebag Mac users that insinuate if you aren't using Macs you're either too stupid or too poor, or the Win 8 douchebags that insinuate anybody that doesn't want a cellphone for an OS is too stupid to work it.

    But this is SUPPOSED to be a site FOR geeks and BY geeks, and I'm pretty sure that in an article on Windows if somebody types MS everyone isn't gonna go "Why is he talking about Mississippi having a vulnerability?" But of course it was NOT about having a short way to type Microsoft, it was another coward that couldn't wait to wave his little dick and brag about his magical OS that he doesn't even understand. Magical thinking has no place on a site about tech and frankly that kind of horseshit needs to be nipped in the bud whenever possible.

