Anonymous Reader writes: "I saw an interesting article on The Register titled 'Win32 API utterly and irredeemably broken,' here's the link to http://www.theregister.co.uk/content/4/26561.html with all the details.
Apparently it (the fundemental flaw(s)) stem from a comment made by Jim Allchin (who wouldn't dare say a word about WMS because of "national security" reasons. [ehhh, ok Jim, whatever]) Well anyhow, he let the cat outta the bag, piqued a whole lotta curiosity and, well... the rest is history. Has anyone actually tried this to see if it works (besides the orginal author?) Will someone try it and let us know? How many people knew about this? I didn't, and it steams me because we are kept ignorant and vulnerable for the "sake of security". In the mean time there are ones who ARE in the know and use these exploits against others (simply because they can and the victim never knows about it. Why? Because of Microsoft's 'SECURITY THROUGH OBSCURITY'!!)
Btw, I was comforted to find out that X windows is NOT suseptable as MS windows.
Here's the original authors web site, which can be found here: http://security.tombom.co.uk/shatter.html . Thank Linus for Linux!"