
RE: [Full-Disclosure] April 1st is here (joy). now improved



I think this posting shows the far superior way Windows prevents
security issues like this. As the name says, it does not intend to allow
you open access to the garden (which becomes even more sophisticated
once TCPA is there...). 

With Windows, you obviously stay in-house and watch the carrots
through... right, a Window! So as you do not have physical access to
them, a root compromise is reliably prevented. I think this is also the
primary reason that ActiveX - by its very core design - does not require
a sandbox to be secure. Or have you ever seen a sandbox inside a house?

As you can see, openness has its disadvantages ;)

Rainer


> Well if we are into folly anyway :-)
> 
> FEAR!FEAR!FEAR!********!ADVISORY!***********FEAR!FEAR!FEAR!
> 
> Security Advisory No 0x454564af
> 
> We have discovered a serious security hole after OpenBSD 3.4 default 
> install!
> 
> After successful installation, we proceeded to the garden. There we 
> grabbed a carrot and pulled firmly. And whoa, instant root access! We 
> never thought it would be this easy. Really, these sorts of incidents 
> should be prevented.
> 
> Due to the very serious nature of this bug, we will not disclose PoC at 
> this time, esp because the root has already been consumed.
> 
> For details visit our homepage
> 
> http://www.iamanidiot.com/
> 
> ******************************************************
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
