| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 May 2008 02:31:50 +1000 From: "Fredrick Diggle" <fdiggle@...il.com> To: skyout.fd@...ed-security.net Cc: full-disclosure@...ts.grok.org.uk Subject: Re: [Wired Security/EOF] Disable Windows Defender(Vista) PoC code Fredrick Diggle's code was signed by Fredrick Diggle himself. How much more credibility do you want? On Fri, May 16, 2008 at 7:33 AM, <skyout.fd@...ed-security.net> wrote: > > > > On Wed, 14 May 2008 13:49:35 -0700, "Peter Ferrie" <peter.ferrie@...il.com> > wrote: >>> my friend Izee from the EOF-Project(.net) team has coded a >>> simple PoC code, that demonstrates how to disable the Windows >>> Defender on Vista (tested with and without SPs on x86/x64) >>> using its own API made for it. >> >> Does he realise that he must be Admin first? >> Then he he can just disable the service, or delete the files, or > whatever. >> Using the API doesn't gain much here. >> > > the thing is, that microsoft says, that ONLY SIGNED processes can do this, > this > is a lie, nothing more and in my oppinion this opens an attack vector and > provides > common insecurity... > > cheers, > skyout > > ps: http://msdn.microsoft.com/en-us/library/bb762466(VS.85).aspx | read > remarks > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists