Chris Paget <ivegotta@tombom.co.uk> writes:

> 5) This is not a bug. This is a new class of vulnerabilities, like a
> buffer overflow attack or a format string attack.

No, it isn't. Otherwise Windows NT wouldn't offer countermeasures,
would it?

AFAIK, Windows NT allows applications to switch to different "screens"
or "desktops", which run in different security contexts. For example,
if you press Ctrl + Alt + Delete, you switch to such a different
screen. The administrator password can be entered on this screen, and
applications started by the user cannot sniff it.

At least that's the theory. Maybe there are flaws in the
implementation, but the design as such is sound. On the other hand, it
doesn't seem to be possible to show dialogs on the real user desktop
in a safe manner, but that's hardly surprising.

Perhaps it's a bit hard to sell software which switches desktops in
the required way, but I'm sure the programmers knew what they were
doing.

(I'm sorry about the incorrect terminology, I'm not familiar with
Windows at all.)

-- 
Florian Weimer                    Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898