From: Florian Weimer (Weimer_at_CERT.Uni-Stuttgart.DE)
Date: Tue Aug 06 2002 - 15:51:46 CDT


    "John Howie" <JHowiesecuritytoolkit.com> writes:

    > This class of attack is not new, it has been discussed before. While you
    > can assert that the blame lies with Microsoft (and I'll admit they do
    > have some responsibility to address the problem you describe)

    A bit of MSDN browsing revealed that Microsoft has already "fixed" the
    vulnerabilities, despite the claim that this was impossible. The
    concepts are called "window stations" and "desktops", and there is
    plenty of documentation. Everything is there: separate sets of hooks,
    separate message queues, and so on.

    Maybe there are some flaws, but the overall design seems to be sound.

    -- 
    Florian Weimer 	                  WeimerCERT.Uni-Stuttgart.DE
    University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
    RUS-CERT                          fax +49-711-685-5898