
BLU Discuss list archive



Microsoft does it again



Derek Martin wrote:
At some point hitherto, David Kramer hath spake thusly:
>> >   http://security.tombom.co.uk/shatter.html
>...
>There may be more bad news, which the author didn't touch upon in his
>white paper.  Microsoft also mentions this immutable law:
>
>  Law #1 -- "If a bad guy can persuade you to run his program on your
>  computer, it's not your computer anymore," 

That assumes a model with no security (i.e. the original Microsoft
model).  In reality Law #1 should read:

>  Law #1 -- "If a bad guy can persuade you to run his program on a
>  computer, he has the same privileges on that computer as you do."

We are so used to thinking in the Microsoft model of one computer per
user with that user having privileges to do anything they want that we
don't realize what's possible with alternative models.  Microsoft has
made attempts to add different levels of access to their operating
systems, but they seem to habitually make this kind of mistake in
either design or implementation.

>Thusfar, the attack outlined requires intervention of the user at the
>console (or the console of a Citrix client), and the above is not
>currently known to be possible.  However, I would be very surprised if
>someone did not reveal a way to do this in the near future...




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org