[Full-disclosure] [funsec] Vista Protected Processes Bypassed

[Valdis.Kletnieks at vt.edu]

On Sun, 08 Apr 2007 12:07:47 EDT, C Q said:
>
> Overall, it's not really worse than what you'd have with XP...
> I'm not a big fan of Vista, but this is definitely not what
> people make it to be.

That protection bit isn't what people make it to be either, which is
the whole point.

Quite often, the *real* security issue is that the protection a given feature
*actually* provides by design isn't the security that people *think* it
provides.  For example, some of us may remember a while ago, when there was
a whole flurry of activity regarding TCP sequence numbers and RST packets.

Turned out that in fact, TCP has *always* worked that way, in that an RST
doesn't have to match exactly, it only needs to be inside the window. When
RTT*bandwidth products were low and windows were small, in a 2**32 sequence
space, the distinction between "match" and "within 16K" was easily overlooked.
The community just needed a slap upside the head, because with multi-megabyte
windows on today's high-speed links, the distinction *is* important....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070408/b18bd073/attachment.bin