Hacker News new | past | comments | ask | show | jobs | submit login

I don't know the ins and outs of Windows to a great degree, but that reads like an exploit waiting to happen.

Is this sort of functionality still present in Windows? If so, are they idiots or what?




There have been vulnerabilities found in the code handling mailslots, but the protocol itself is just a mechanism to do broadcast-based communication. It's old and crufty, dating back to the DOS LanManager days, but I'm sure there are applications out there that still rely on the functionality and, as is typical for Microsoft, the API still exists in modern Windows versions. (The NetBIOS "Browse List" functionality that powered "Network Neighborhood" uses this protocol, for example.)


I'm wondering if government agencies like the CIA, NSA and their counterparts in other countries look for vulnerabilities in programs but never report them to the vendors for fixing but instead catalog them for possible use in future exploits.

(actually, I'm not really wondering, it's probably naive to assume they wouldn't)


It's beyond that -- they actually have created a market for the trading of 0-days, and bid against each other using various proxies.


My own experience, meeting some of these people, suggests this is certainly correct.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: