Research reveals that the MS Windows API is intrinsically insecure; any application can spoof window messages to any other application, regardless of permissions, bypass the feeble "security" present and pull off all sorts of exploits. In other words, typical Microsoft security. And furthermore, the flaw is fundamental to the API and is irreparable, short of changing the fundamental design of the Windows message queue mechanism and breaking every existing Win32 application. (via the Reg)

Posted by: GJW | http://the-fix.org | Thu Aug 8 01:19:52 2002

Fuck me! That's crazy! As if a control should have the ability to WHAT EVER is in the messages sent to it! I was under the impression controls in windows were drawn and managed by the application, like in X - clicking on a button essentially told the application to run a sub-routine that would handle the input - if the input was bogus nothing would get done. What a stupid concept.

Posted by: acb | http://dev.null.org | Thu Aug 8 06:16:51 2002

No, they're not. Back in the days of trusted, homogeneous NetBIOS LANs, some clever designer at Microsoft decided to put "intelligence" into controls, because it seemed like an intelligent thing to do. And it does, in a world where security is not a concern.

Posted by: Graham | http://grudnuk.com/vm/ | Fri Aug 9 02:28:52 2002

On the upside, I gather it makes watertight DRM voodoo impossible to implement on Wintendo boxen...

Want to say something? Do so here.

Note to spammers: This comment system applies the rel=nofollow attribute to the poster's URL and all links. Posting links to this page will not improve their search engine rankings.

Display name:
URL:(optional)
To prove that you are not a bot, please enter the text in the image on the right in the field below it.

Your Comment:

Remember my details.

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.