Sounds a bit like what happened with the DRM system on some of Sony's music CDs-- it installed itself behind the scenes in such a way that Windows literally could not see the files. Which, in turn, opened up a huge security hole by which viruses and other malware could install without being seen.
They were sued over this-- and quite rightly, I think.
Um...holy shit! It appears to me that this 'cloaking' behavior is functional, or at least is a long-standing vulnerability.
You took Operating Systems at Mercer, didn't you? Is this sort of vulnerability...
"A common way to intercept kernel-mode application APIs is to patch the kernel's system service table...Every kernel service that's exported for use by Windows applications has a pointer in a table that's indexed with the internal service number Windows assigns to the API. If a driver replaces an entry in the table with a pointer to its own function then the kernel invokes the driver function any time an application executes the API and the driver can control the behavior of the API."
...something that any Operating System would have, or is it just poor programming employed by Windows? I.e., is it only a matter of time before someone is able to do the same thing with Ubuntu or OSX?
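An added example, not part of the comments above or of the article they quote: the check a rootkit detector can run against the service table the quoted passage describes, flagging every entry whose pointer leaves the kernel image. The module list, addresses and function names are constructed for illustration, and the example assumes a clean table points only into the kernel image.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range of one loaded kernel module (all values here are constructed). */
struct module_range { const char *name; uintptr_t base; size_t size; };

/* Return the module whose range contains addr, or NULL if none does. */
static const struct module_range *owner_of(uintptr_t addr,
        const struct module_range *mods, size_t nmods) {
    for (size_t i = 0; i < nmods; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Walk the service table. An entry is treated as clean only if it points into
 * the kernel image, which is mods[0] (assumption of this example). Hooked
 * service numbers are written to out[] (at most max); the total is returned. */
size_t find_hooked_services(const uintptr_t *table, size_t nsvc,
        const struct module_range *mods, size_t nmods,
        size_t *out, size_t max) {
    size_t hits = 0;
    for (size_t i = 0; i < nsvc; i++) {
        const struct module_range *m = owner_of(table[i], mods, nmods);
        if (m == &mods[0]) continue;            /* still inside the kernel */
        if (hits < max) out[hits] = i;
        hits++;
        printf("service %zu -> %#lx (%s)\n", i, (unsigned long)table[i],
               m ? m->name : "no known module");
    }
    return hits;
}

/* Constructed sample: a kernel image, one third-party driver, a 5-slot table. */
static const struct module_range SAMPLE_MODS[] = {
    { "kernel image", 0x80400000u, 0x200000u },
    { "example.sys",  0xF8A00000u, 0x4000u   },
};
static const uintptr_t SAMPLE_TABLE[] = {
    0x80412340u, 0x80455AA0u, 0xF8A01200u, 0x804F0010u, 0x9C000000u,
};

int main(void) {
    size_t hooked[5];
    size_t n = find_hooked_services(SAMPLE_TABLE, 5, SAMPLE_MODS, 2, hooked, 5);
    printf("%zu of 5 entries point outside the kernel image\n", n);
    return 0;
}
```

A flagged entry is a lead, not a verdict: the owning driver still has to be identified and judged.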