Back in December 2006 Harlan C, Thor HoG and I had an interesting conversation about the possible use of a buffer overflow attack against the explorer process that scans a new drive and processes the content of AutoRun and .ICO files. I said at the time that I don’t have the skills necessary to write the exploit code, but I was pretty sure someone would.
For those interested, the subject line was "RE: U3 TEchnology was RE: strange new virus"; for reasons that will become apparent to the reader.
Sure enough, at the end of March 2007, someone thinking along the same lines (and sadly not crediting me or SecurityFocus!) worked out "Microsoft Windows Cursor And Icon ANI Format Handling Remote Code Execution Vulnerability", BugTraq ID: 23194. I'm hoping that the same will happen again here...
If a Windows service or driver set to start at boot (i.e. "Automatic") fails to start for whatever reason, a message is displayed at the console. The message also appears on top of the logon prompt, and is therefore running in the system context. The "service or driver failed to start" message is a generic event sink for a variety of failures (including, oddly enough, "file not found").
It occurs to me that this event sink could probably be compromised, such that it would drop your exploit code out to executable RAM, and in the system context. System context under Windows 2003 is even more dangerous than it was under NT/2000, as under certain circumstances it allows access to the Active Directory Domain as well.
Friday, 18 May 2007
Wednesday, 9 May 2007
The Conservatives launched their Parliamentary attack on the new Managed Service Company (MSC) proposals during the recent Finance Bill debate. The Conservative Shadow Cabinet Minister (Ms Theresa Villiers) asked for comments from the contracting community on the effects of the new legislation. Here is my letter:
Madam
IR35 was introduced to stop the practice of individuals creating a Limited Company, and then using it to take advantage of the tax regime to pay less income tax. This benefit was partially offset by having to pay increased NI. The problem for the IR was created by the differing tax rates for businesses and individuals.
IR35 didn’t work for 2 main reasons:
1. Those freelancers who were able, performed a minor restructure, took slightly more risk and altered their contract terms - and easily moved themselves beyond the reach of the IR35 drag net.
2. Those freelancers who did not wish to expend the effort were serviced by the large number of umbrella schemes that immediately sprang up to present them to the IR in groups as larger corporate entities.
Most freelancers took one of these options, resulting in a very low tax take for IR35.
So long as badly designed and arguably unfair tax legislation exists, people will always seek to avoid excessive tax by arranging their affairs accordingly.
Rather than introduce more complex legislation designed to further target a small minority of the population (something inherently unfair), the government should simply remove the incentive that created the problem in the first place.
Somewhat radical solutions could be:
A. Abolish NI and flatten the tax system, so that income received by a company is taxed at the same rate as that received by an individual.
B. Abolish income tax altogether and make everyone, including companies, pay increased VAT on goods that are not bought as stock for resale - i.e. items that depreciate in value, such as office equipment or fuel.
Regards
James

