dc0de’s & friends notes…

After the recent Pwn2Own contest, the Microsoft product manager Peter LePage spoke out about the two “features” that were completely sidestepped to hack a Windows 7 system. He stated, ”

Just days after a pair of researchers outwitted major Windows 7 defenses to exploit Internet Explorer (IE) and Firefox, Microsoft said the measures AREN’T MEANT to “prevent every attack forever.”…

Pete LePage, a product manager with IE’s developer division, stood up for DEP (data execution) and ASLR (address space layout randomization), the security features that two hackers sidestepped to win $10,000 each at the high-profile Pwn2Own hacking contest last Wednesday

via Microsoft defends Windows 7 security after Pwn2Own hacks.

I find these comments from Mr. LePage a bit misguided, and very suspect.  How can a security “feature” so easily be sidestepped?  Two minutes?  I can’t wait until we get the details of the attack/exploit so that we can really see how this was done.

Posted on Tuesday, March 30th, 2010 at 11:34 in Common Sense, Computers, Information Security | rss feed for comments| Both comments and pings are currently closed.