04-02-06

access elevation attacks to expect against xp and many popular programs

http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
this is a paper about access controls in a network for xp computers
they have proven that several commercial softwares that run on those
computers have vulnerabilities that makes it possible for attacks to
change the access rights from user to administrator on the computers.

this paper is for the moment the hype-bible for malware writers and
exploits based on this paper are being developed and published as we
speak.

the software that has been tested is from adobe, AOL, microsoft and
some that haven't been named.
You can presume that with the same methodology all other popular softwares
can be tested and if vulnerable can be exploited.

It should be noted that the number of vulnerabilities and the number of
exploits for popular consumer software (and specially audio-video software
and readers of formats) have been targeted in the last year as the main
way to place spyware or trojans on personal computers.

 

comment : when we migrated to windows 2000 and when we wanted to set users
to simple users it was always a problem of program access. Too many programs
only work if the user has administrator rights on the computer.
THis is particulary so in the gaming world.


It it time that developers develop their programs for simple users
and that all other software is called potentially unsafe and that users
are warned about the inherent dangers of using such software.
or the precautions they have to take when using this software.

And if you pay for developing software you should mention this

in the order, that users must be capable to use the software or work

with its data without being administrators on their computers

22:00 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.