Feeds

Windows 8

Apple iOS 7 makes some users literally SICK. As in puking, not upset

Excessive zoom and 3D-effect graphics in Apple's latest iOS is leaving some users reaching for the sick bucket

Windows 8 'penetrated' says firm which sells to world's spy agencies

Various spooks now have secret keys to Redmond's kingdom

3 Big data security analytics techniques

French security researcher firm Vupen claim to have already developed a reliable windows 8 exploit, just days after the launch of latest edition of Microsoft's flagship operating system.

The sometimes controversial firm, which sells the exploits it develops to Western government agencies and deliberately avoids sharing vulnerability details with vendors, said that the exploit it has cooked up allows it to take over Windows 8 machines running Internet Explorer 10.

"We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Vupen’s chief exec Chaouki Bekrar boasted in a Twitter update.

Windows 8 offers improved exploit mitigation technologies including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization) while IE10 bundles improved sandboxing. Getting over these extra hurdles is no mean feat and doesn't necessarily mean that exploits and malware from mainstream hackers will flood cyberspace anytime soon.

Vupen doesn't go into details about the security bugs it has identified, logically enough, since the value of the exploits it markets depends on their effectiveness and longevity. Spilling the details on a vulnerability makes it more likely that vendors will come up with patches sooner rather than later, something that works against the "government-grade exploit" side of Vupen's business.

The French security firm previously promised to come up with Windows 8 exploits at the same time as the launch of the operating system. Bekrar told Forbes details of the Windows 8 attack would be supplied to its customers in a carefully worded answer that failed to rule out the use of the exploit as an offensive tool.

"The in-depth technical details of the flaws will be shared with our customers and they can use them to protect their critical infrastructures against potential attacks or for national security purposes," Bekrar said. ®

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.