h/t @nyanbinary
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary This is why we always advocated for MAC rather than addling layers of bullshit. Ya'll are just increasing the attack surface area all the time. You need to REDUCE it with a tiny thoroughly audited reference monitor.
-
@Viss @nyanbinary This is why we always advocated for MAC rather than addling layers of bullshit. Ya'll are just increasing the attack surface area all the time. You need to REDUCE it with a tiny thoroughly audited reference monitor.
@Viss @nyanbinary Can't make money doing that though... and that's all anyone cares about.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary straight out of Jennifer Government. (A good read if you haven't read it)
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary this isn’t even the first time this has happened with Defender
-
@Viss @nyanbinary straight out of Jennifer Government. (A good read if you haven't read it)
@jeffers00n @Viss @nyanbinary also a subplot in Snow Crash iirc
-
@jeffers00n @Viss @nyanbinary also a subplot in Snow Crash iirc
@mpc3032at @jeffers00n @nyanbinary oh boy its been a while since i listened to snowcrash on audiobook.
s'too bad we cant have a "but they're sure to listen to reason" moment
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
Ah good. Now I don't have to deal with code signing my app any more.
-
@mpc3032at @jeffers00n @nyanbinary oh boy its been a while since i listened to snowcrash on audiobook.
s'too bad we cant have a "but they're sure to listen to reason" moment
@Viss @jeffers00n @nyanbinary aww i remember almost nothing about the book now, but the one lady hacking away feverishly on that was a standout for me at the time, it seemed so cool, in like a 'obvious in retrospect' way... but actually living it derpishly like this is... i dunno
(also, hello fediverse! 2nd ~post, woo! and hello fediverse person... you gave me lovely positive feedback in *minutes*... i like this!)
more ->
-
@Viss @jeffers00n @nyanbinary aww i remember almost nothing about the book now, but the one lady hacking away feverishly on that was a standout for me at the time, it seemed so cool, in like a 'obvious in retrospect' way... but actually living it derpishly like this is... i dunno
(also, hello fediverse! 2nd ~post, woo! and hello fediverse person... you gave me lovely positive feedback in *minutes*... i like this!)
more ->
@Viss @jeffers00n @nyanbinary a couple years back i got depressed about softwaring because of this ~'AI' silliness coming down the pike, but of late it is SO BAD i feel incrementally fired up, renewed
riffing wildly, maybe software, because of its peculiar nature (this reified perfection of causality) is a good, stark example of why things should be done by people who love the things...because when not, the error compounds exponentially, and we get *this* (gestures wildly all around)
-
@Viss @jeffers00n @nyanbinary a couple years back i got depressed about softwaring because of this ~'AI' silliness coming down the pike, but of late it is SO BAD i feel incrementally fired up, renewed
riffing wildly, maybe software, because of its peculiar nature (this reified perfection of causality) is a good, stark example of why things should be done by people who love the things...because when not, the error compounds exponentially, and we get *this* (gestures wildly all around)
@mpc3032at @jeffers00n @nyanbinary yeah i wager youre probably in good company here
-
@mpc3032at @jeffers00n @nyanbinary yeah i wager youre probably in good company here
@Viss @jeffers00n @nyanbinary yay!
Vive la révolution!
(although, evolution preferably... i offer myself to the commons for the cause, lol)
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary Reminds me of Taviso's P0 research from a few years ago targeting AV scanning sandboxes/VMs.
-
Ah good. Now I don't have to deal with code signing my app any more.
@argv_minus_one @Viss @nyanbinary I wonder if I can use this to configure winrm so I can remote in and fix the random shit Microsoft keeps breaking.
-
@Viss @nyanbinary Reminds me of Taviso's P0 research from a few years ago targeting AV scanning sandboxes/VMs.
@AlesandroOrtiz @nyanbinary oh yeah, 100%
-
@jlin @nyanbinary i think france, denmark and germany have the right idea - just ditch windows entirely
@Viss @jlin @nyanbinary Ditches have a purpose. They are not for refuse. Put that shit in the trash.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware
-
@Viss @nyanbinary Sufficiently advanced Windows services are indistinguishable from malware
-
@Viss
Though that kinda is always the risk
Antivirus just had the biggest attack surface
@nyanbinary@_GreyWolf @Viss yip, that is correct & you arent going to see me jump the bandwagon of "AV is bad". imo the conclusion then needs to be beyond-rigorous QC. Unfortunately that is something MS has very much lost my trust there, even for components like Defender.
-
h/t @nyanbinary
so let me get this straight
microsoft defender, the built-in antivirus tool for windowshas a heap based buffer overflow that leads to remote code execution
if you get it to scan a file, and that file is crafted the right way.
the antivirus tool is the carrier for the execution of malware.
@Viss @nyanbinary
Since I turned off Defender – I've gotten back 1GB of RAM and 15% blocked CPU power – and replaced it with my brain. That's all.
"... Yip!
