Windows: New, improved & more insecure than ever

[ Thanks to Steven J. Vaughan-Nichols for this link. ]

"Unfortunately, Wever, using a variation of a hacking technique he helped perfect called heap-spraying has busted DEP. In heap-spraying, the attack code made an educated guess at where vulnerable memory that could be used to execute unapproved programs could be found. In Wever's latest trick, the attacking code looks for clues on where to find memory that's allowed by DEP to run programs. Once armed with this information, the attack code can then successfully plant itself in the system.

"While the attack code isn't ready to go for any script-kiddie, as Wever himself points out, he has given enough information on how to defeat DEP that it's only a matter of time before a competent cracker uses the code to start enabling new attacks."

Complete Story

Related Stories:

• Vulnerability in the GIMP image editing tool(Nov 13, 2009)
• Apache updates to 2.2.13 for security(Aug 11, 2009)
• DHCP server can take over client(Jul 16, 2009)
• Vulnerabilities in Linux allow root privileges(Apr 16, 2009)
• Validating Untrusted Integer Inputs(Jan 16, 2009)
• Google Chrome Tab overflow problem(Jan 08, 2009)
• Linux buffer overflow issues on Power-based systems(Jan 08, 2009)
• Are You Vulnerable To These Buffer Overflows?(Oct 04, 2007)