From: Steve Tibbett (stevex_at_JFLINC.COM)
Date: Thu Aug 08 2002 - 08:13:44 CDT

    >I have written a white paper documenting what I believe is the first
    >public example of a new class of attacks against the Win32 API.

    And what a lot of attention it's gotten. But why? The Win32 API
    never promised or even hinted at security between windows
    on the same desktop.

    An HWND is also a public message port, with no inherent security. It's
    like a TCP connection on Unix - it's up to the service on the receiving
    end of the TCP connection to provide the security. Anyone can connect
    to it.

    Someone else pointed out that the right way to design an application
    that needs both a UI and admin-level rights is to split it into two
    parts: The trusted part and the non-trusted part. The non-trusted
    part takes care of the GUI and uses an API like sockets or pipes to
    talk to the service that's got admin rights.

    Many desktop applications on Windows use messages sent to windows
    as an IPC mechanism. Winamp, for example, suggests that you find
    its window and post messages to it, and they document what messages
    to send.

    This isn't something you can "fix" because it's not broken; it's
    the assumption that there was any security there in the first place
    that's broken. If you design your application right, where you don't
    have GUI with admin rights in user space, then you never had a
    problem. (This is how all the services that come with Windows work).

    I wonder if an alert like "TCP ports vulnerable to connection from
    hostile processes" would get as much attention. Of course the TCP
    connections aren't the problem, insecure services are - and in this
    case it's the virus software that's at fault, not the API.

    Why has this gotten so much attention?

    --
    Steve Tibbett
    stevex-ntbugtraqoakburl.net
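Added example (not from the post above, nor from any product it mentions): the service side of the trusted/untrusted split Steve describes, written in C. It assumes a constructed frame format on the pipe ([opcode byte][16-bit little-endian length][payload]) and three hypothetical opcodes; the point it shows is that the privileged end of the pipe must treat every frame from the unprivileged GUI as hostile input and enforce its own policy, exactly as a TCP service must.

```c
/* Trusted service side of a GUI/service split. The GUI runs with the
 * user's rights and can only ask the service to do things; the service
 * validates each request and must also authorize the caller using the
 * OS identity of the pipe client, never anything the message claims.
 * Frame layout (constructed assumption): [u8 opcode][u16 LE length][payload] */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { OP_GET_STATUS = 1, OP_START_SCAN = 2, OP_STOP_SCAN = 3 }; /* hypothetical */
#define MAX_PAYLOAD 256   /* policy limit, independent of the pipe buffer size */

typedef struct {
    uint8_t  opcode;
    uint16_t length;
    char     payload[MAX_PAYLOAD + 1];  /* always NUL-terminated after parsing */
} request_t;

/* Parse one frame out of `buf`. Returns 0 on success, -1 if the frame is
 * malformed, oversized, carries an opcode outside the allow-list, or
 * carries a payload where the opcode takes none. Never reads past `len`. */
int parse_request(const uint8_t *buf, size_t len, request_t *out)
{
    if (buf == NULL || out == NULL || len < 3)
        return -1;                                   /* header incomplete */

    uint8_t  op   = buf[0];
    uint16_t plen = (uint16_t)(buf[1] | (buf[2] << 8));

    if (op != OP_GET_STATUS && op != OP_START_SCAN && op != OP_STOP_SCAN)
        return -1;                                   /* unknown operation */
    if (plen > MAX_PAYLOAD || (size_t)plen + 3 > len)
        return -1;                                   /* exceeds policy or buffer */
    if (op != OP_START_SCAN && plen != 0)
        return -1;                                   /* only START_SCAN takes a path */
    if (plen != 0 && memchr(buf + 3, '\0', plen) != NULL)
        return -1;                                   /* embedded NUL would hide part of the path */

    out->opcode = op;
    out->length = plen;
    memcpy(out->payload, buf + 3, plen);
    out->payload[plen] = '\0';
    return 0;
}
```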