
SANS ISC: Various Vista Concerns SANS ISC InfoSec Forums

Various Vista Concerns
I ran across a couple of stories in the last day or two that got me thinking about how much of security relies on assumptions that aren't necessarily always validated (remember Ronald Reagan's old adage "Trust, but verify"?). The first one is this story from Blackhat Amsterdam about VBootkit. The key quote from the story is "Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly."

The other one was this story from one of the guys at CERIAS at Purdue about the introduction of symbolic links in Vista. Frankly, I haven't paid enough attention to Vista yet to realize they had added symbolic links and I don't program for Windows, but having been a programmer in a previous life, the possible implications of this one jumped out at me. Further, I suspect that, all too soon, we'll be seeing all the race conditions with symlinks in Vista that we've seen in Unix/Linux over the years. The more things change, the more things stay the same, huh?!


423 Posts
ISC Handler
Apr 4th 2007
