I've viewed claims regarding Vista's architecture with skepticism for a while. I'll readily admit that I haven't really been fair about it either, but I've intuitively felt something like this coming in my bones:
http://www.neowin.net/news/main/08/08/0 ... ew-exploit
The article suggests this could be bad news for XP (and maybe other operating systems) as well. I really hope this turns out to be something lame that's only feasible in an academic sense, but my suspicions are that it will be otherwise.
I figured this would eventually happen...
- kNight of the Sun (oxymoron)
- Posts: 1513
- Joined: Sat Dec 21, 2002 10:00 am
- Location: Northrend, Azeroth, or Outland
EQ: Riggen Silverpaws * Natureguard * Forever of Veteran Crew
WoW: Simbuk the Kingslayer, Riggen, Ashnok
- Save a Koala, deport an Australian
- Posts: 17516
- Joined: Thu Jan 02, 2003 3:00 pm
- Location: Straya mate!
Re: I figured this would eventually happen...
Original paper and slides from BlackHat are here: http://taossa.com/index.php
The summary is that if you turn off UAC then Vista is only slightly harder than XP to exploit, despite the new stuff in it (DEP improvements, ASLR). They focus primarily on the Flash control and Sun's JVM as attack vectors, but also include .NET apps (so Firefox is just as vulnerable as IE). The whole thing relies on some exploit *already* being available in these applications to exploit - it ultimately says that if there's an exploit available then a crafty hacker can still exploit it on Vista if they're really smart despite the extra protection.
The sad part is the writeup on neowin was pretty much worthy of a tabloid.
Dd