The Hackers Who Broke Windows

The Hackers Who Broke Windows
Deborah Radcliff, SecurityFocus 2003-07-24

The Last Stage of Delirium, the hacking group that laid open nearly every version of the Windows operating system last week, could use a little sleep. Since going public with the RPC buffer overflow bug that some are describing as the worst Windows security hole in history, the group has been caught in a media frenzy.

Expand all | Post comment

The Hackers Who Broke Windows 2003-07-25
Carstein

The Hackers Who Broke Windows 2003-07-26
mimo prohodil... (1 replies)

The Hackers Who Broke Windows 2003-07-29
Anonymous

The Hackers Who Broke Windows 2003-07-27
Eirik

The Hackers Who Broke Windows 2003-07-28
LittleW0lf (1 replies)

The Hackers Who Broke Windows 2003-07-28
Anonymous (1 replies)

The Hackers Who Broke Windows 2003-07-29
LittleW0lf

You obviously have access to the code and can check to see if they have, in fact, fixed the affected code. However, I don't, and when I run the exploit against a patched box, and it yields root, I have a problem whether or not they fixed the error or not. The goal isn't to fix the error, it is to make the OS more secure so folks cannot get access by just staring cross-eyed at the box. At least Microsoft could take the time to run the exploit against the box to make sure it doesn't yield root even though they "fixed the problem."

I can still DoS a 2000 box with SP3 patched against this exploit, and I'd install SP4 if it didn't require 700 MB to install the patch without bombing and killing off the OS.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6519/21095#21095

The Hackers Who Broke Windows 2005-09-09
Anonymous