homepage Welcome to WebmasterWorld Guest from 54.237.95.6
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
Forum Library, Charter, Moderators: bill

(deprecated) Microsoft Windows OS (XP/NT/Vista) Forum

    
Vista Hacked at Black Hat
engine




msg:3037233
 2:03 pm on Aug 7, 2006 (gmt 0)

While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system.

Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.

And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.

Vista Hacked at Black Hat [news.com.com]

 

aspdaddy




msg:3037351
 3:21 pm on Aug 7, 2006 (gmt 0)

"I just hit accept," Rutkowska replied to a question from the audience about how she bypassed UAC.

A logged on user choosing to ignore warnings & install malicious code - does that count has hacking these days?

bhonda




msg:3037360
 3:28 pm on Aug 7, 2006 (gmt 0)

A logged on user choosing to ignore warnings & install malicious code - does that count has hacking these days?

I personally don't think so, but if malicious code can be run by the user, maybe that's an indication that some automated code could do the same, without the user knowing...

Xkribble




msg:3037407
 3:59 pm on Aug 7, 2006 (gmt 0)

I would be more dissapointed if a logged in user couldn't run the code. Other than as some sort of limited user I should be able to run anything on a system that I'm logged into, malacious or not.

If this means that something could potentially run without my knowledge (which I'm kind of skeptical of) then so be it... that's the price of full control.

Easy_Coder




msg:3037518
 5:13 pm on Aug 7, 2006 (gmt 0)

I agree with aspdaddy... that's working as designed

EliteWeb




msg:3037536
 5:35 pm on Aug 7, 2006 (gmt 0)

MmMmm Defcon :)

vincevincevince




msg:3038010
 12:54 am on Aug 8, 2006 (gmt 0)

Some of these 'experts' have to remind themselves what an operating system is. It's not a pretty GUI for Samantha's word processing and web-browsing, it is a fully integrated multi-tasking computation environment.

As already alluded to by Xkribble's perceptive post, there is absolutely no reason why an operating system should refuse to run any code if the user chooses to 'accept' (reject) the security warning.

Perhaps Joanna Rutkowska would prefer that the OS only allows execution of code pretested and precertified by Microsoft?


LISTO 7
10 PRINT "HELLO WORLD"
RUN
Error at line 10. Attempt to execute uncertified code.

bill




msg:3038164
 4:39 am on Aug 8, 2006 (gmt 0)

heh heh

Another point in the article:
To stage the attack, however, Vista needs to be running in administrator mode, Rutkowska acknowledged. That means her attack would be foiled by Microsoft's User Account Control, a Vista feature that runs a PC with fewer user privileges.

Vista is making it a lot easier for the average user to operate without using an Admin level account.

AbsintheSyringe




msg:3038268
 8:20 am on Aug 8, 2006 (gmt 0)

Too bad they havent announced the results of testing :)

rise2it




msg:3039591
 6:03 am on Aug 9, 2006 (gmt 0)

Ah, Vince, the old days of 'line numbers'.....

Thinking back, I never had these security issues with my Commodore 64...

opifex




msg:3039604
 6:25 am on Aug 9, 2006 (gmt 0)

.... or TRS80s, or CoCos, etc
the good old days!

shigamoto




msg:3039853
 12:55 pm on Aug 9, 2006 (gmt 0)

There are practically no software that you can't hack, researchers need to make a living too :)

scintex




msg:3041072
 11:40 am on Aug 10, 2006 (gmt 0)

Of course terms such as hacked/cracked are subjective in our current culture.

I would assume that with Vista, there needs to be clarification/categorisation between the "you clicked the yes button stupid and it did something bad" issues and those that require no action from the user.

Each of these are hazards and what I'd love to see is a low risk of none-user involved problems and a healthly usuable balance between hazard/risk based on operations a user can do by default.

mrMister




msg:3041074
 11:41 am on Aug 10, 2006 (gmt 0)

A user logged in as administrator can potentially install an unsigned driver if they try really hard.

In every other operating system, unsigned drivers can be installed by administrators without any hacks. This includes previous versions of Windows such as Windows XP.

What Microsoft is trying to do is to improve stability of computers by ensuring all drivers are certified by Microsoft. Thus making it less likely that malfunctioning drivers will find their way on to end-users computers.

So it's now theoretically possible that a hardware manufacturer could save costs by incorporating these hacks in to their drivers and release them to the public without going through the certification process.

In practice, this wont happen. Microsoft could patch this particular issue at any moment and suddenly all the users of hardware with unsigned drivers would find their hardware not working at all. No hardware manufacturer is going to want a scenario like that on their hands.

There's no conceivable way that Microsoft could stop a user from creating drivers on their computer. it's just not possible. There's always a way that a user can bypass the operating system and install the drivers at a lower level and use workarounds from within windows to allow access.

Microsofts intention is to stop hardware manufacturers issuing unsigned drivers to the public. This workaround does not feasably offer a way for manufacturers to issue unsigned drivers. It really is a non-issue.

killroy




msg:3043728
 10:21 am on Aug 12, 2006 (gmt 0)

In my experience, user error can eaasily defeat any number of protections and security features.
What I would like to see is a permanent virtual machine, with a System restore like roll back (i.e. incremental backup) for the entire VM. Let them do all their browsing in a VM and keep it isolated and readily replaceable.

vincevincevince




msg:3043770
 12:25 pm on Aug 12, 2006 (gmt 0)

Microsofts intention is to stop hardware manufacturers issuing unsigned drivers to the public.

I personally believe this to be a bad thing and hope that it is circumventable. Microsoft should not be the body responsible for deciding what code runs easily and what code they runs only as an administrator and with warnings. It needs to be someone like the ISO.

When XYZ Corp. comes out with an X Box 360 emulation card at $25.00 or something which treads of Microsoft's toes - do you really think Microsoft are going to allow that code to be certified...?

scintex




msg:3046828
 12:05 pm on Aug 15, 2006 (gmt 0)

The VM idea is a good one. Currently I browse using VMWare Player and various small Linix distros with FireFox. The VM never saves any data, it just refreshes from the image each time I start up.

Or you can just install VMware's browser appliance which achieves the same thing.

S

wmuser




msg:3053024
 9:10 pm on Aug 19, 2006 (gmt 0)

Didnt surprised me

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved