* Piotr Bania: > For those who are interrested, the paper can be downloaded from: > http://pb.specialised.info/all/articles/ewdd.pdf
| Device driver vulnerabilities are increasingly becoming a major | threat to the security of Windows and other operating systems. It is | a relatively new area [...] Which "other systems" are you talking about? The most obvious choices have been plagued for years by vulnerabilities in device drivers, file systems, and other fringe areas. I've looked at some of the recent Linux CVEs, and there are about five for driver code, six for driver infrastructure code, and 25 for other stuff (a lot of network-related things, but also some 32/64 interoperability stuff, but not really driver-related). As far as I can remember, the ration has been the same for quite some time now, so the real problem you are talking about seems to be "poorly written 3rd-party ring 0 code on Windows". However, I'm sure that this is a worthwhile area for investigation. 8-P _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
