

Windows Vista security 'rendered useless' by researcher - babul
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

======
tptacek
This is an incredibly misleading headline.

What Dowd and Sotirov did was figure out how to defeat Vista's _post-exploit_
runtime security measures _in IE only_. They can exploit .NET DLL controls to
build reliable exploits, even though the Vista runtime goes to a great deal of
trouble to make reliable exploits hard to write.

For this research to come into play, you have to already have a memory
corruption vulnerability in IE.

Great talk? Absolutely. One of the best of the show.

Important finding? Absolutely. IE is a top 5 attacker target.

A blow to Vista's standing relative to other OSes? Doubtful. Nobody has a good
answer to this problem. If attackers can control memory in your process,
they're going to win.

