05.29.09
Reader’s Article: Does Microsoft Create Security FUD Against Rivals?
“Working behind the scenes to orchestrate “independent” praise of our technology, and damnation of the enemy’s, is a key evangelism function during the Slog. “Independent” analyst’s report should be issued, praising your technology and damning the competitors (or ignoring them). “Independent” consultants should write columns and articles, give conference presentations and moderate stacked panels, all on our behalf (and setting them up as experts in the new technology, available for just $200/hour). “Independent” academic sources should be cultivated and quoted (and research money granted). “Independent” courseware providers should start profiting from their early involvement in our technology. Every possible source of leverage should be sought and turned to our advantage.”
–Microsoft, internal document [PDF]
Reader’s summary: Microsoft first to fix pool overruns vulnerability, or is it?
Microsoft invents a ‘fix’ for some bogus security bug and ‘Independent Security Evaluator’ heaps praise on Microsoft and talks up the ‘vulnerability’ in Mac OS X and GNU/Linux.
The article is a little short on any actual details of the exploit. I thought ‘Safe unlinking’ of ‘doubly linked lists’ was de rigueur on any information processing system.
I hadn’t heard the term before, and I do try and keep up. Are there any actual examples of ‘pool overruns’, in the public domain, that can be successfully run on Mac OS X and GNU/Linux?
To quote: “Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. “I think they’re trying to stay ahead of the curve” [...] This simple check blocks the most common exploit technique for pool overruns”
Where and how did Microsoft come out with a fix so quickly, and why not design an MMU that isn’t vulnerable to ‘pool overruns’ rather than having to check for them after the fact, so to speak?
To quote again: “It doesn’t mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker” █
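The ‘safe unlinking’ check the reader asks about, shown as an added example that is not part of the original article or of any vendor’s code: a toy doubly linked list using LIST_ENTRY-style Flink/Blink names (an assumption, not taken from the page), an unlink that verifies the list invariant before writing, and two constructed scenarios, one with an intact entry that is removed and one with a smashed entry that is refused.

```c
#include <stdbool.h>
#include <stddef.h>

/* Doubly linked list entry in the style of a kernel LIST_ENTRY
 * (Flink = forward link, Blink = backward link). Names are assumptions. */
typedef struct list_entry {
    struct list_entry *Flink;
    struct list_entry *Blink;
} LIST_ENTRY;

static void list_insert_tail(LIST_ENTRY *head, LIST_ENTRY *e) {
    e->Flink = head;
    e->Blink = head->Blink;
    head->Blink->Flink = e;
    head->Blink = e;
}

/* The classic unlink is just the two stores at the end of this function,
 * trusting whatever Flink and Blink hold. A pool overrun that overwrites them
 * turns those stores into writes through attacker-chosen pointers. Safe
 * unlinking first checks the invariant every intact list satisfies,
 * e->Flink->Blink == e and e->Blink->Flink == e; on a mismatch it refuses
 * (a kernel would bugcheck) and performs no write at all. */
static bool unlink_safe(LIST_ENTRY *e) {
    if (e->Flink->Blink != e || e->Blink->Flink != e)
        return false;                   /* corruption detected */
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    return true;
}

/* Intact list a-b-c: the check passes and b is removed, leaving a-c. */
bool scenario_intact(void) {
    LIST_ENTRY head = { &head, &head }, a, b, c;
    list_insert_tail(&head, &a); list_insert_tail(&head, &b); list_insert_tail(&head, &c);
    return unlink_safe(&b) && a.Flink == &c && c.Blink == &a;
}

/* Simulated overrun (constructed data): b.Flink is overwritten to point at a
 * block the attacker filled. Safe unlink must refuse, leave a-b-c linked as
 * before and write nothing through the bad pointer. */
bool scenario_corrupted(void) {
    LIST_ENTRY head = { &head, &head }, a, b, c, smashed = { NULL, NULL };
    list_insert_tail(&head, &a); list_insert_tail(&head, &b); list_insert_tail(&head, &c);
    b.Flink = &smashed;                 /* the overwrite the overrun caused */
    bool refused = !unlink_safe(&b);
    return refused && a.Flink == &b && c.Blink == &b && smashed.Blink == NULL;
}
```

The check adds two loads and two compares per unlink, which is why the quoted article calls it a simple check that raises the attacker’s cost rather than making pool overruns impossible.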
saulgoode said,
May 29, 2009 at 11:14 am
The article doesn’t actually state that the “pool overruns” exploit has ever been a problem for OS X or GNU/Linux, only that the independent security evaluator who reported on the Microsoft problem has (at some point in his career) “exploited weaknesses” on those systems. From the wording of the article it should not be presumed that said weaknesses had anything to do with “pool overruns” (or even that they were serious).
Roy Schestowitz Reply:
May 29th, 2009 at 11:45 am
Some say it’s just a fancy name for “buffer overflows”.
Sabayon User (YGUG) Reply:
May 29th, 2009 at 2:28 pm
You really have no idea what you’re talking about, do you?
aeshna23 said,
May 29, 2009 at 11:41 am
I’m way out of my area of knowledge here, but I did have one guess about what’s going on here. It’s my understanding that the applications and the operating system are not as isolated from each other in Windows as in Unix-based operating systems. Since pool overruns exploit OS bugs, could it be that Windows needs safe unlinking much more than any other OS? Are they just fixing a problem created by the original poor design of Windows?