Saturday, 7 May 2016

Posted at 23:21 by admin

TechTarget China [original] Over the past few years, two Google security researchers have found 20 kernel-level bugs, about half of which have not yet been fixed, affecting Windows, Linux and the popular VMware virtualization software.

Google engineers Tavis Ormandy and Julien Tinnes consider it necessary to raise the security level of the kernel. They recently shared their kernel security research at the CanSecWest applied security conference. They hope to inspire operating system kernel developers to narrow the scope for attack.

The kernel is the underlying part of the operating system code; it handles processes, resources and memory allocation. Although attacks that exploit the kernel are not common, they are becoming increasingly complex and sophisticated, and will become very dangerous. A successful attack lets cybercriminals take over the target system completely and gain access to all of its resources.

Tinnes said: The complexity of the kernel creates diverse and interesting logic errors; it may be more complex, but it is more attractive because you can do whatever you want to do.

The Linux kernel has more bugs, but attackers rarely target them, because the operating system has few users and is therefore less attractive to cybercriminals. The researchers say, however, that the number of Windows kernel vulnerabilities is still rising: in the past seven years there have been six remotely exploitable errors. An attacker can use a Web browser and video drivers as a starting point into the kernel.

The researchers did not provide details of all the vulnerabilities (half of the vulnerabilities are not patched). Tinnes said that the Linux kernel contains some memory corruption errors, six classic buffer overflow errors, and null pointer dereferences, a pointer being a reference to data stored in the machine's memory. Tinnes said that patching these errors is currently difficult, and that every major Linux version (2.4 and 2.6) comes with a kernel exploit.

Tinnes said: Linux kernel developers do not realize one of the security consequences; people now understand the problem.

Ormandy focused on Windows Server 2003 and on the page fault exception, which occurs when code does not have sufficient permissions to access a page. The researchers can attack this bug and, as a guest, gain access to VMware's core.

Ormandy said: We found a way to let VMware set up monitoring to control user error page.

Attack mitigation technology is progressing. Trusted path execution, set in the Linux kernel configuration, reduces the number of executable files that can run and so reduces the threat of malicious code running in the kernel; this approach is increasingly popular on the Windows platform. Process and application sandboxing, which limits what an application can run, also serves to reduce attacks.

Tinnes said: As things stand, attacks, whether simple or complex, are mostly easier to carry out remotely; even if you use the sandbox technology of Microsoft Office or Google's Chrome, eradicating kernel attacks is still very difficult.

