Yep! So as predicted, GetRealOwner(WindowC) is WindowC, and the exit condition will never be satisfied, it's stuck!

This was the first time I've encountered this bug while using IDA, and I haven't been able to reproduce it since, so I suspect there is some subtle race condition to blame. Thankfully I was able to recover my idb with minimal lost work, but the question remains, is it the developer's responsibility to guarantee they don't create cycles, or Microsofts?

I've mailed a testcase to Microsoft, but I'm not sure what they'll say.

sync sync sync

--timball

Creating Window Cycles

Check out the kick ass questions youtube asks about your blog!

After that you can stare at this video: Max Thief ft. MI5 - Grimey

--timball

YouTube - Broadcast Yourself.

bwahahahahahaa

� Super Bowl stadium site hacked, seeded with exploits | Zero Day | ZDNet.com

FIPS-140-2 certification is required for cryptographic products used by agencies for unclassified but sensitive information. OpenSSL is an open-source version of Secure Sockets Layer encryption that can be used by browsers and other programs to securely exchange data.

OpenSSL loses it's FIPS certification.

Open Source encryption module loses FIPS certification

Mike Lynn is being hailed in some quarters as a hero, but I don't buy it. I'm sure his heart was in the right place when he discussed a serious vulnerability in Cisco routers at the recent Black Hat USA conference, and his courage in quitting his job, rather than be censored by Cisco and his own employer, is admirable.

But that still doesn't make what he did right. My main concern is that now, hackers are working overtime to figure out how to break into these routers and wreak their havoc. Here's what Brian Krebs, the Washington Post's excellent computer security reporter, said in a blog from the conference:

And Keith Ward is a douche-rocket.

Redmond | News: Opinion: Thanks, Mike Lynn -- Thanks for Nothing

The EFF should support Mike Lynn in his defense against ISS and Cisco. If security researchers are not protected as Whistleblowers when they uncover major flaws, our critical communication infrastructure will be at serious risk. These are the Good Guys.

Mike has taken on enormous personal risk to do the right thing. So far, the general impression in the blogs is that he is doing the right thing. The mainstream media coverage has been good as well. This is a departure from the past, and a good one at that. The headlines contain words like "Whistleblower" and "Coverup"..

It is quite ironic that Cisco & ISS are taking the "Intellectual Property" tactic. Just to add some irony to it, here is a a post of Mike Lynn here on MemeStreams proving CherryOS stole OSS code from the PearPC project:

just incase anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least with hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...its not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good) so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so its easiest to just attach after its loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

I think I have made it clear beyond a shadow of a doubt that CherryOS.exe, shipped as the core of cherryos is nothing but a recompiled version of PearPC...it has at most minor changes, most to strip attribution, hide the theft, or remove debugging output...

The only way we can fault Mike's research is with petty things like not consistently using upper case letters in his posts. The technical end of his work is flawless.

Both Cisco and ISS are attempting to spin Mike's research and make it look incomplete, but the truth of the matter is he demo'ed his technique in front of a room of people, and no one has found fault with it.

If this tactic continues, it will approach a very transparent form of character assassination. It will backfire on Cisco.

In the field of Security Research, Whistleblowing has always been a controversial issue. It is not a black and white thing. This article at CNET covers a number of the issues with disclosure of security problems that often come up. If you compare the ideas expressed in the article with what Mike actually did, you should come away thinking that Mike handled this ethically.

Mike Lynn is a Whistleblower, he should be protected

Wired just posted the best article so far.. Here are some of the highlights:

Lynn likened IOS to Windows XP, for its ubiquity.

"But when there is a Windows XP bug, it's not really a big deal," Lynn said. "You can still ship (data through a network) because the routers will transmit (it). How do you ship (data) when the routers are dead?"

"Can anyone think why you would steal (the source code) if not to hack it?" Lynn asked the audience, noting that it took him six months to develop an attack to exploit the bug. "I'm probably about to be sued to oblivion. (But) the worst thing is to keep this stuff secret."

"There are people out there looking for it, there are people who have probably found it who could be using it against either national infrastructure or any enterprise," said Ali-Reza Anghaie, a senior security engineer with an aerospace firm, who was in the audience.

During his talk, Lynn demonstrated an attack in real time using his own router, but did not allow the audience to see the steps. The attack took less than a minute to execute.

"In large part I had to quit to give this presentation because ISS and Cisco would rather the world be at risk, I guess," Lynn said. "They had to do what's right for their shareholders; I understand that. But I figured I needed to do what's right for the country and for the national critical infrastructure."

Wired News: Cisco Security Hole a Whopper

http://www.cisco.com/edu/peterpacket/

Someone at the marketing dept at cisco had -way- too much time on their hands.

Peter Packet || Jump into the Internet!

From speech_freedom2002@yahoo.com Wed Jul 16 10:59:47 2003
Date: Wed, 16 Jul 2003 06:14:52 -0400
From: Rockit [speech_freedom2002@yahoo.com]
Reply-To: root@se2600.org
To: root@se2600.org
Subject: [se2600] Interz0ne Press Release re: Blackboard Settlement

Interz0ne Press Release:

Censorship via lawsuit wins again.

Lawyers working for Blackboard Inc., the maker of a card transaction, vending and ID system used by approximately 275 colleges and universities globally, as well as an undiscosed number of government and military installations, succeeded in silencing two college students who have found numerous flaws in Blackboard's flagship product over the last two years.

Georgia Tech student Billy Hoffman, along with University of Alabama student Virgil Griffith, initially kept the discoveries quiet while attempting to report them to Blackboard engineers, along with possible fixes. Traditionally, the discoverers of such flaws allow the vendors time to fix problems before going public; this provides the vendors with essentially free quality control labor while the discoverers get later bragging rights and items to pad their resumes. This unofficial system has worked well in the past, to the extent that Blackboard even boasts of working with the hacker community on their website.

Instead of taking an interest in news of these flaws, however, Blackboard engineers first dismissed Hoffman as a know-nothing "kid", then attempted to have him expelled from Georgia Tech after he voiced his concerns about Tech's Blackboard system to campus administrators and student organizations. Hoffman responded by first publishing his (and later Griffith's) findings, and then updating his articles via talks at various vendor and security conferences.

It was at such a conference, Interz0ne II in Atlanta, that Hoffman and Griffith were planning to discuss the most severe problems they had uncovered to date, including a demonstration of several easy-to-assemble hardware devices that could supposedly allow anyone with malicious intent free reign on a Blackboard system.

Hoffman and Griffith never gave their talk.

Instead, they and the convention organizers were served with both restraining orders and cease and desist orders. Court dates soon followed, along with legal threats. Several months after the convention, both Hoffman and Griffith settled out of court. They refuse to discuss the issue, so one can assume that the settlement includes an NDA.

Blackboard spokesdrone Michael Stanton stated to AP reporters on Monday, July 14th (a day before the settlement was officially filed) that "...the claims [Hoffman and Griffith] were making were silly," that "...they really didn't do a lot of the things they were claiming to [have done]" and that the settlement reaffirms that Blackboard's systems are secure.

Bullshit.

The settlement does nothing of the sort.

If Hoffman and Griffith's clai... [ Read More (0.4k in body) ]

Interz0ne Press Release - re: Blackboard Settlement

Okay it's not security... I just don't have misc on my list.

EVIL DEAD 1 & 2 - The Musical