From: Florian Weimer (Weimer_at_CERT.Uni-Stuttgart.DE)
Date: Tue Aug 06 2002 - 15:22:43 CDT


    Chris Paget <ivegottatombom.co.uk> writes:

    > 5) This is not a bug. This is a new class of vulnerabilities, like a
    > buffer overflow attack or a format string attack.

    No, it isn't. Otherwise Windows NT wouldn't offer countermeasures,
    would it?

    AFAIK, Windows NT allows applications to switch to different "screens"
    or "desktops", which run in different security contexts. For example,
    if you press Ctrl + Alt + Delete, you switch to such a different
    screen. The administrator password can be entered on this screen, and
    applications started by the user cannot sniff it. At least that's the
    theory. Maybe there are flaws in the implementation, but the design
    as such is sound.

    On the other hand, it doesn't seem to be possible to show dialogs on
    the real user desktop in a safe manner, but that's hardly surprising.
    Perhaps it's a bit hard to sell software which switches desktops in
    the required way, but I'm sure the programmers knew what they were
    doing.

    (I'm sorry about the incorrect terminology, I'm not familiar with
    Windows at all.)

    -- 
    Florian Weimer 	                  WeimerCERT.Uni-Stuttgart.DE
    University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
    RUS-CERT                          fax +49-711-685-5898