Jump to content
Sign in to follow this  
duanester

vista vulnerabilities

Recommended Posts

it starts again

 

Snakepit Bit writes "Underground hackers are hawking a zero-day exploit for Windows Vista at $50,000 a pop, according to computer security researchers at Trend Micro. The Windows Vista exploit, which has not been independently verified, was just one of many zero-days available for sale at an auction-style marketplace infiltrated by the anti-virus vendor. Prices for exploits for unpatched code execution flaws are in the $20,000 to $30,000 range. Bots and Trojan downloaders that typically hijack Windows machines for use in botnets were being sold for about $5,000." From the article: "According to [Trend Micro CTO Raimund] Genes, the typical price of a destructive exploit has increased dramatically, driving an underground market that could exceed the value of the legitimate security software business. 'I think the malware industry is making more money than the anti-malware industry,' Genes said."

the part im confused about is that the final isnt even released!

Share this post


Link to post
Share on other sites

i think theres alot of variations behind all of this, first lets mention third party apps cleaners, anti virus tools, firewalls, etc.......

 

these guys wont be going out of business anytime soon, they dont want to go, they want to stay

 

http://www.theregister.co.uk/2006/08/02/sy...vista_security/

 

we must remember one other thing ms mentioning how secure vista will be!

Share this post


Link to post
Share on other sites

then we would then be going into possibilities, come to think of it does seem odd that these security software vendors are on this like flies on hoo hoo , im sure job security plays a big part in there argument :)

 

 

why isn't microsoft hiring hackers to hack their os's, and then put in security to patch up what they find BEFORE release?

thats a great question, they do have the resources, thats boggled me for years, maby it has something to do with A & b

 

theres always going to be buts and why's along with assumed ideas, with that said why even deal with it ;)

Share this post


Link to post
Share on other sites

Vista will have vulnerabilities just like any other operating system does. That certainly isn't big news.

 

I do believe Vista will be inherently more secure then previous versions of windows, that is until people start turning off it's security features and settings because they are to lazy to be prompted to take action or type a password when an application or process needs administrator privileges.

 

People by the millions and millions will be disabling those settings and then as they say, let the games begin...............

 

Microsoft is solely, 100% to blame for the security nightmare they have created in the desktop computer segment.

 

Their lack of timely patches, or no patches at all, along with their complete indifference towards security for more then 2 decades coupled with the everyone is an administrator default settings has created the horror show that windows and security has become.

 

Vista is certainly a step in the right direction, but now they need to figure out a way to undo the everyone is an administrator mentality they have created, that one thing alone has the ptential to be the undoing of the 6 years of trying to lock down their new OS.

 

Seriously, it doesn't have as much to do with the pick on the biggest target ideal as many people think, as it does with pick on the easiest target. Because the simple truth is Microsoft Windows is the "easiest" target. Not because by nature it is more vulnerable, but because the way it is shipped, setup, and used makes it more vulnerable. The problem is they have made it so easy to exploit, that the script kiddies don't even have to work very hard to exploit it.

 

Internet Exploder, with hooks directly into the OS, hacktivex, idiotic default user settings, are the major problems. Add in the fact that they have been using the same basic kernel for almost a decade and it just makes it an extremely easy target, in fact they not only painted a huge bullseye on themselves, they have been supplying the ammunition :lol:

Share this post


Link to post
Share on other sites

great post, m8 but i'm not leaving MS unless all apps are converted to be used into Linux :lol:

 

i know how you feel about MS as idiot at security... :P

 

 

 

i always :salute: at your posts

 

 

regards

Edited by ineedhelpregularly21

Share this post


Link to post
Share on other sites

And who said you have to leave Microsoft?

 

I believe people should use the operating system they want to use.

 

If you like it use it.

 

If you do not like it, then don't. It ain't rocket science :lol:

Share this post


Link to post
Share on other sites

really good point bruce

 

i dont see how they will accomplish such a task, as the saying goes, we cant teach an old dawg new tricks!

 

 

unlike windows linux users are accustomed to the security setup and we follow these guidelines seriously.

 

and there are still chances of attack but almost unheard of, example if your running a server have apps like tripwire and rootkit detection, basic system setups, dont run services we do not need need, dont give anyone your accounts, never logon as root remotely, use a firewall and except all patch updates and dont just download "anything" off the net, that about sums it up for linux

 

though the functionality is unique on these systems, the setup is ingeniuous, switching user from a low level account to perform an administrative task without being logged on as root, there is no reason at all to be logged on as root :wub:

 

this doesnt make me an easy target but im still in the line of fire, it can happen to me, there is no denying that but with all do respect im fine just where i am at now :lol:

 

 

i do believe a majority of vista users will disable these features, i also thing that they can be compromised in time, with that said it will eventually defeat the purpose, i dont have high hopes for that operating system in question, part is due to there tactics, there ability to take control of my machine and control what i want to do on it privately, i believe this also makes it a bullseye and me myself i like to be in control :)

 

edit:

unless all apps are converted to be used into Linux

what apps are you referring to , and why would want to make such a change :huh:

Edited by duanester

Share this post


Link to post
Share on other sites

the new trend is attacking teh software running on machines rather than os itself

at the defcon conference, 2 researchers showed a way to take over a laptop by flaws in the software that managed the wireless hardware

 

another was a flaw in nvidia drivers for liinux...literally tons of new flaws have been demonstrated through other software and device drivers in order to bypass antivirus and other such os preventions

 

all the os's will always be hacked..one firm showed half of all linux flaws currently known were in driver code

Share this post


Link to post
Share on other sites

do you have a source for this information, not a source from three years ago, what i want is a source within a month or two and speaks of a specific linux operating system :)

Share this post


Link to post
Share on other sites

its on page 156 of jan 2k7 issue of pc magazine under security watch section

surely your not suprised that linux has vulnerabilites are you lol, all the os's do, apple had 3 new patches it also mentions

Share this post


Link to post
Share on other sites

its on page 156 of jan 2k7 issue of pc magazine under security watch section

surely your not suprised that linux has vulnerabilites are you lol, all the os's do, apple had 3 new patches it also mentions

 

That is no suprise, all os's have vunerabilities.....The difference between M$ and linux distro's is that the open source community make fixes asap even before it becomes public, on the other hand....M$ may or may not come out with a patch, depending on how they feel if enough peeps make a stink about it, Then you might have to wait for about a month to get it if it doesn't trash your pc after you get it Edited by Joe C

Share this post


Link to post
Share on other sites

the new trend is attacking teh software running on machines rather than os itself

at the defcon conference, 2 researchers showed a way to take over a laptop by flaws in the software that managed the wireless hardware

 

another was a flaw in nvidia drivers for liinux...literally tons of new flaws have been demonstrated through other software and device drivers in order to bypass antivirus and other such os preventions

 

all the os's will always be hacked..one firm showed half of all linux flaws currently known were in driver code

 

 

That seems a rather obvious jump. You gotta wonder how long before they start killing hardware with exteme system setting. I haven't heard of anything like that but it sure seems like an obvious leap.

Share this post


Link to post
Share on other sites

this statement sends us back to the start of the topic

 

The MSRC is expected to issue a formal security advisory with pre-patch workarounds. In the interim, the company is urging customers to enable a firewall, apply all security updates and install anti-virus and anti-spyware protection

shouldnt there already be a fire wall enabled, should there customers have to run such tight security measures manually after they were assured by ms that there more secure using vista? :huh:

Share this post


Link to post
Share on other sites

That seems a rather obvious jump. You gotta wonder how long before they start killing hardware with exteme system setting. I haven't heard of anything like that but it sure seems like an obvious leap.

 

there was a particular one maybe 3 or 4 years ago...i think it was asus boards...but anyway someone manipulated the overclocking software to where it was silkroped to an application and when executed would attempt to overvolt everything...i kinda doubt it did much damage since many boards have hardware protection failures....thing is all this is just public stuff, many hackers keep alot of stuff to themselves too for personal benefit and so it wont be fixed or detected

Share this post


Link to post
Share on other sites

Vista will not be secure, it is 'more' secure than XP but nobosy expects for a minute to see the viruses forum free of new posts within a few years.

 

There is one virus related post in the Linux forum, I posted it, it was satirical.

Share this post


Link to post
Share on other sites

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

DUH" :laughing:

Share this post


Link to post
Share on other sites

http://select.nytimes.com/gst/abstract.htm...DAB0994DE404482

 

 

another find, there are major issues with the now released vista!

 

 

 

DISPLAYING ABSTRACT - Microsoft is facing early crisis of confidence in quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in system that was released to corporate customers in late November; browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software by visiting booby-trapped site; Determina, which sells software intended to protect against operating system and other vulnerabilities, says browser flaw would make it possible for attacker to inject rogue software into Vista-based computer; many in computer industry are taking wait-and-see approach to Microsoft's assertions about improved reliability of Vista

Share this post


Link to post
Share on other sites

i heard about this tito, what did you get and why did it happen :)

 

It was a joke taken from GNUs website. It involved commands like

 

tar xfz malware.tar.gz

 

make malware

 

etc.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...