How do they do that?

plnelson · 07-18-2005, 03:46 PM

In the current issue of PC Magazine they review anti-spyware tools that prevent websites from changing your registry, installing keyloggers, or changing your Favorites.

I'm a software engineer and I don't understand how a website could do those things in the first place! Wouldn't it take executable code that could access the appropriate API's? If the browser is running with ActiveX and Java disabled how do websites manage, say, to access your Registry in order to change it?

BMR777 · 07-18-2005, 05:19 PM

VIA Security Holes?

BMR777

**Terrister** · 07-18-2005, 05:31 PM

All the more reason to load all the updates from Microsoft. They plug these holes as they are found.

**UncleMacro** · 07-18-2005, 05:44 PM

The most common method of executing your own code on their computer is by using buffer overruns. What you do is take advantage of code which doesn't check when too much data is loaded into a buffer. C doesn't range check for you. You have to do it yourself and lots of people forget. Since the data for the buffer is stored on the stack, all you have to do is load too much data into the buffer to overwrite a return address. You can arrange for the return address to aim at code which you have loaded into a string somewhere in memory. When the routine returns it goes to the return address which you set up. It starts executing your code and with all the privileges of whatever routine was running. This takes careful formatting of your data but that's no big deal if you're good with a disassembler.

07-18-2005, 03:46 PM	#1 (permalink)
plnelson Member Join Date: Aug 2004 Posts: 24 OS: Win2K, XP Pro, XP Home, Suse Linux	How do they do that? In the current issue of PC Magazine they review anti-spyware tools that prevent websites from changing your registry, installing keyloggers, or changing your Favorites. I'm a software engineer and I don't understand how a website could do those things in the first place! Wouldn't it take executable code that could access the appropriate API's? If the browser is running with ActiveX and Java disabled how do websites manage, say, to access your Registry in order to change it?

07-18-2005, 05:19 PM	#2 (permalink)
BMR777 Tech, Microsoft Support Join Date: Apr 2005 Location: Chicago, IL Posts: 1,395 OS: XP Pro, XP Home, Vista Home Basic, Ubuntu Studio Blog Entries: 2	VIA Security Holes? BMR777 __________________ Brandon Rusnak Protection: AVG Free Anti Virus :: Windows Defender :: Hosts File :: SiteAdvisor :: ZoneAlarm Quick Fixes: 5 Steps to remove spyware

07-18-2005, 05:31 PM	#3 (permalink)
Terrister Moderator Hardware Forum Join Date: Apr 2005 Location: West Georgia, USA Posts: 6,919 OS: Xp	All the more reason to load all the updates from Microsoft. They plug these holes as they are found. __________________

07-18-2005, 05:44 PM	#4 (permalink)
UncleMacro Moderator Join Date: Jan 2005 Location: San Diego Posts: 2,127 OS: Vista SP1 My System	The most common method of executing your own code on their computer is by using buffer overruns. What you do is take advantage of code which doesn't check when too much data is loaded into a buffer. C doesn't range check for you. You have to do it yourself and lots of people forget. Since the data for the buffer is stored on the stack, all you have to do is load too much data into the buffer to overwrite a return address. You can arrange for the return address to aim at code which you have loaded into a string somewhere in memory. When the routine returns it goes to the return address which you set up. It starts executing your code and with all the privileges of whatever routine was running. This takes careful formatting of your data but that's no big deal if you're good with a disassembler. __________________