Posted on 03/26/2010 10:24:27 AM PDT by ShadowAce
Two researchers yesterday won $10,000 each at the Pwn2Own hacking contest by bypassing important security measures of Windows 7.
Both Peter Vreugdenhil of the Netherlands and a German researcher who would only identify himself by the first name Nils found ways to disable DEP (data execution prevention) and ASLR (address space layout randomization), which are two of Windows 7's most vaunted anti-exploit features. Each contestant faced down the fully-patched 64-bit version of Windows 7 and came out a winner.
Vreugdenhil used a two-exploit combination to circumvent first ASLR and then DEP to successfully hack IE8. A half-hour later, Nils bypassed the same defensive mechanisms to exploit Mozilla's Firefox 3.6. For their efforts, each was awarded the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this July.
"Every exploit today has been top-notch," said Aaron Portnoy, security research team lead at 3Com's TippingPoint security unit, the sponsor of the contest, in an interview at the end of the day Wednesday. "The one on IE8 was particularly impressive."
Vreugdenhil, a freelance vulnerability researcher, explained how he bypassed DEP and ASLR. To outwit ASLR -- which randomly shuffles the positions of key memory areas to make it much more difficult for hackers to predict whether their attack code will actually run -- Vreugdenhil used a heap overflow vulnerability that allowed him to obtain the base address of a .dll module that IE8 loads into memory. He then used that to run his DEP-skirting exploit.
DEP, which Microsoft introduced in 2004 with Windows XP Service Pack 2, prevents malicious code from executing in sections of memory not intended for code execution and is a defense against, among other things, buffer-overflow attacks.
(Excerpt) Read more at computerworld.com ...
Uh, or not.
...build a better mousetrap...
hmmm. Is computer world biased?
“iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest”
http://news.cnet.com/8301-27080_3-20001126-245.html
Oh wait...
Thanks for t he ping.
ping
Most of these “exploits” require physical access to the machine or for a user to purposefully install a piece of software. I take them with a grain of salt.
Indeed.
Not exactly a slam against MS, when it's taken in context.
Everyone has flaws, and these guys find them.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.