UNFIXABLE WINDOWS VULNERABILITY HAS BEEN DISCOVERED

>3 Apple
>10 Linux

>can Potentially Attack All Versions of Windows

>can Potentially

>Thursday, October 27, 2016 Swati Khandelwal

>Swati Khandelwal

HAHAHAHAHAHAHAHAHAHAHAHAHA

>Street shitter talking about street shitter OS
How is that surprising?

>thehackernews

github.com/BreakingMalwareResearch/atom-bombing/

Time to get busy, lads.

>relies on tricking a user into running a malicious executable

>Windows

Lesson learned

>POOINLOOTELLA

Finally we can exploit the security holes and become millionaires!

>Finally

because that never has happened before.

Hold up I have Windows on a virtual machine, but it doesn't have any network interface. Only a shared folder. No risks, right?

I know of 2 similarly unfixable bugs in Linux and 1 of them also applies to Darwin.

I'll never release the info about it though.

I also know know 7 exploits of a similar situation on osx that I will never release

I call microsoft linux or bsd in 5 years

Probably bsd, Can't make a propriety linux distro.

>doesn't have any network interface
You should be okay

then you make a free one and add propriety shit to in in a non-free repo. Why should they care if the literal base of the system is free if they can add a non-free DE, drivers and apps to it.

Aight. I only use it for illustrator, I should probably ditch it sometime. I just wish Wine got better.

x is finsihed and bunkrupt
x's ceo is on suicide watch
i am fucking hilarious

>My dad works for Nintendo!

How bad is it? The article looks legit troublesome. I have windows XP running in virtual machine

now you're getting the hang of it!

So yeah, how about those linux vulnerabilities?

lmao

Fixed

I don't buy into the "UNFIXABLE" or "UNPATCHABLE" hype. It is basically the clickbait of exploit articles.

We're all coders here. We all know there isn't much that can't be done.
Considering we won't have the source available, and we don't have their full component design available.
Trying to claim what is and isn't patchable from our perspective isn't the best of ideas.

B-b-but my ten years

All of them? Even the ones not yet found?

nice try linturds

>We're all coders here.
>coders

>windows source
>available

First post in Sup Forums?

>Bothell, Washington
>BOT HELL

>only affects atom tablets
WOW IT'S FUCKING NOTHING

Better than having an unfixable KNOWN EXPLOIT

>Wintoddler tier reading comprehension

Lmao windows hehehe

nuh nuh bud, the AddAtom kernel32 function and friends.

Jesus fuck why is wangblows so insecure?

i think you already have other problems

cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=739&version_id=&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&month=0&cweid=0&order=3&trc=727&sha=96656e0273b52e8473fbf8b6371fe2ed4a0f8ae8

>"Unfortunately, this issue cannot be patched since it does not rely on broken or flawed code – rather on how these operating system mechanisms are designed," the researchers said.

You mean you're not a coder?

Get the fuck out.

>Claims I have poor reading comprehension
>Didn't even read the article.
What?

>coder
I'm not XDD

>what
Go back to primary school

everything is patchable, but we have no idea how much of the code they will have to rewrite , and how poorly they will do it this time.

Can you please explain

I haven't updated my windows 7 for a year. Anything I'm missing? Guess not

>Any version of windows is vulnerable

if the vulnerability is caused by the design not the implementation then the system has to be redesigned or disabled, breaking compatibility with existing programs

>...updated with the latest security patches is VULNERABLE
Doesnt this mean my un-updated one isn't?

That article's been proven to be fake years ago.

The guy has never worked for Microsoft, he's a former Google employee.

zorinaq.com/resume/marc-bevand-resume-letterpaper.pdf

No

It is too!

Y doe?

Cuz ur mum XD

post yfw win32 will be deprecated in your life time

FIX RELEASED SEE WEBM
>FIX RELEASED SEE WEBM
FIX RELEASED SEE WEBM
>FIX RELEASED SEE WEBM
FIX RELEASED SEE WEBM
>FIX RELEASED SEE WEBM

Because you keep trash-talking it user :(

>rubbish bin
Is this real in England?

Surprised only one reader actually knows enough about security to realize this. It's literally no worse than the "hacking technique" that has already existed on Windows forever: rely on stupid users who blindly allow admin prompts or ignore their browser updates. It won't work unless either the user's an idiot, or if the computer's already been owned with a different vulnerability

>rubbish bin
are you england faggots for real?

/thread

BIN THAT WIN

>Unfortunately, this issue cannot be patched since it does not rely on broken or flawed code – rather on how these operating system mechanisms are designed

Are you dumb? It literally means that it isn't a bug, part of the operating system has to be recoded. In other words it *CAN* be patched, it can't be hotfixed.

Also why the fuck do I literally see a dozen threads per day about "pooinloo" and I literally post a single cumskin thread and get banned. Fuck you white ass faggots and your privilege.

Singles check'd

Calm down pajeet

>cumskin
wat

>. It won't work unless either the user's an idiot
All idiots use windows

No, it's a fundamental system mechanic that cannot be fixed without an all new OS that isnt windows

Noice

>32 posters
Stop forcing this fucking shitty meme

nu uh, some idiots use MACS

hahaha am i a memester yet, guies? x^D

>Also why the fuck do I literally see a dozen threads per day about "pooinloo" and I literally post a single cumskin thread and get banned. Fuck you white ass faggots and your privilege.

Funny you mention that!
I have made soo many pooinloo posts in Windows threads or directed at Windows users (despite being one) and never got a ban but after out of the like the 10 times I said it to a Linux thread I was banned 3 times.

Mods clearly are Linux users since the clear display of such fragile egos.

...

Seeing the exploit requires an application to be modifying another applications entries in the Atom tables on simple solution could be to add a user prompt to allow such activity from an application.
One of those "Malware app X wants to access data from Chrome, do you want to allow it?"

It would break apps that need to be updated to handle the blocked exception, but it probably won't break many apps because that behavior is probably uncommon.

By the sounds of things it is also possible to inject code to be executed into the tables, which probably isn't by design, in fact it is pretty much insane to allow executable code into be entered into your database, so improved sanitization may also be available for implementation.

Semantics. Still an exploit UNTIL someone bothers to fix it.

blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions

>Mitigation
>the direct mitigation answer would be to tech-dive into the API calls and monitor those for malicious activity.

start
run
rundll32.exe kernel32.dll AddAtom

no error = function exists.

Trips never lie

who would the user know if an application is supposed to use atoms or not?

most Windows users would just click allow

UNFIXABLE LINUX VULNERABILITY HAS BEEN DISCOVERED

>ANY Linux system, updated with the latest security patches is VULNERABLE to CODE INJECTION exploit
FileBombing attack abuses the file system, a feature of Linux that allows applications to store information on strings, objects, and other types of data to access on a regular basis.
This exploit can enable
-Injecting malicious codes to ANY linux version and release
-MAN IN THE MIDDLE (MITM) attack on web browsers (regardless of the one you use)
-DECRYPT YOUR PASSWORDS

>No patch
>NO PATCH can fix this exploit, because it does not rely on flawed codebase, it utilizes on How Linux works

IT'S OVER, LADS
STALLMAN IS FINISHED AND BANKRUPT
LINSHILL DAMAGE CONTROL FORCE WILL ARRIVE WITH NO DEFENCE
CUMSKINELLA ON SUICIDE WATCH
DELETE YOUR LINUX VM RIGHT NOW

>literally this thread

>most Windows users would just click allow
That's their problem. Like how when you get UAC asking if you want an application to do stuff in the System areas.
Applications can do all sorts of shit with that access but most of the time you're going to click Okay anyway. Often they genuinely need it.

Loonix pajeet BTFO

then someone finds a variation to the attack that doesn't get detected

linux problem: "it's a bug, fixed upstream hours ago"
windows problem: "it's a feature"

>mfw using XP

Wincucks BTFO

can somone create a worm with this which installs loonux and removes windows partition? please work on it

>>>/global/rules/8
:^)