Microsoft urges computer users to install security tool

Gromett · Sep 19, 2012

GJH said:
No Karl, not Lego add-ons but safeguards designed in from the start

I don't understand what you are saying here?

ASLR is a software solution to prevent easy stack/heap exploitation.

DEP is a hardware solution.

Are you saying the IBM guys in the 70 implemented ASLR? If so why did they do this when you were writing perfect code that couldn't possibly corrupt the stack/heap? Why build something that isn't needed?

DEP, I can understand as they had virtualised the OS in the early 70's. However calling DEP on X86 a lego add on is a misunderstanding of what it is I think..

Gromett · Sep 19, 2012

Another one for you.

"It's really about the research to make a fair, transparent and open message that a motivated attacker will [HI]always[/HI] win."

www.zdnet.com/mobile-pwn2own-iphone-4s-hacked-by-dutch-team-7000004498/

It's worth a read...

Madmark62 · Sep 19, 2012

Well thats 10 mins of my life I will never get back!!!

GJH · Sep 20, 2012

Gromett said:
I don't understand what you are saying here?

ASLR is a software solution to prevent easy stack/heap exploitation.

DEP is a hardware solution.

Are you saying the IBM guys in the 70 implemented ASLR? If so why did they do this when you were writing perfect code that couldn't possibly corrupt the stack/heap? Why build something that isn't needed?

DEP, I can understand as they had virtualised the OS in the early 70's. However calling DEP on X86 a lego add on is a misunderstanding of what it is I think..

All these techniques do is prevent use of certain areas of memory and that certainly was needed in the 1970s, to prevent application software from corrupting the OS if nothing else. Also to prevent programs running in different partitions from corrupting each other. All built into the OS. Terminology may be different but that's basically all.

Gromett · Sep 20, 2012

GJH said:
All these techniques do is prevent use of certain areas of memory and that certainly was needed in the 1970s, to prevent application software from corrupting the OS if nothing else. Also to prevent programs running in different partitions from corrupting each other. All built into the OS. Terminology may be different but that's basically all.

Nope, ASLR is something completely different.

Whilst I can see a use for DEP back in the 70's if software was so well written why include ASLR? Or wasn't software that well written after all?

GJH · Sep 20, 2012

On a slow connection at Lincoln I simply can't be bothered carrying on arguing.

Onderweg · Sep 21, 2012

Correct security patch can be downloaded using Windows Update

Microsoft decided to quickly create and release an update to fix this issue in IE9.

The security patch can be downloaded using Windows Update as of earlier this evening.

Installing this patch should fix the issue

Regards
Paul and Ineke

Microsoft urges computer users to install security tool

Gromett

Gromett

Madmark62

Free Member

GJH

Gromett

^{_{Subscribers do not see these advertisements}}

GJH

Onderweg

Funster

Latest journal entries

Italy previous

Grand Tour-France, Switzerland & Italy

Awaycation Autumn 2023!