7th
04-27-2009, 12:49 AM
source: IGN.com - http://gear.ign.com/articles/976/976242p1.html
Researchers claim new operating system's boot up sequence is flawed and completely unfixable.
April 24, 2009 - This week the world's leading cybersecurity professionals gathered in Dubai at the Hack In The Box Security Conference to discuss the state of the industry, identify new threats, share pro-tips, and play Dungeons and Dragons. Ok, probably not that last part, but you get the point; high-nerdery was clearly afoot at the Sheraton Dubai Creek. One of the more prominent topics of discussion was Microsoft's latest operating system, Windows 7. While a number of exploits and potential vulnerabilities of the system were discussed at the conference, one identified loophole in the system has security professionals troubled…and morbidly fascinated.
http://gearmedia.ign.com/gear/image/article/976/976242/w7_01_1240596836.jpg
A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect. Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable.
"There's no fix for this. It cannot be fixed," said Vipin during his presentation in Dubai. "It's a design problem."
Microsoft has yet to comment on the exploit or formally acknowledge its existence, however, if Vipin and Nitin's claims are true, it could mean serious trouble for the forthcoming operating system's sales.
Researchers claim new operating system's boot up sequence is flawed and completely unfixable.
April 24, 2009 - This week the world's leading cybersecurity professionals gathered in Dubai at the Hack In The Box Security Conference to discuss the state of the industry, identify new threats, share pro-tips, and play Dungeons and Dragons. Ok, probably not that last part, but you get the point; high-nerdery was clearly afoot at the Sheraton Dubai Creek. One of the more prominent topics of discussion was Microsoft's latest operating system, Windows 7. While a number of exploits and potential vulnerabilities of the system were discussed at the conference, one identified loophole in the system has security professionals troubled…and morbidly fascinated.
http://gearmedia.ign.com/gear/image/article/976/976242/w7_01_1240596836.jpg
A team of researchers located an exploit within the new operating system that can allow hackers to take control of a user's machine during the startup process. The problem was identified by Vipin Kumar and Nitin Kumar, who created a program called VBootKit 2.0 that exploits the weakness and allows a hacker to bypass the machine's hard drive entirely, making it nearly impossible to detect. Once hackers can implement the software, they can then change access permissions, passwords, and gain access to a user's sensitive information. What's worse, a program like the one created by Vipin and Nitin Kumar can be as small as 3KBs, and thus can be spread rapidly. Naturally, problems like these are common during the pre-release beta stages, but Vipin and Nitin Kumar claim that this vulnerability is unique and completely unfixable.
"There's no fix for this. It cannot be fixed," said Vipin during his presentation in Dubai. "It's a design problem."
Microsoft has yet to comment on the exploit or formally acknowledge its existence, however, if Vipin and Nitin's claims are true, it could mean serious trouble for the forthcoming operating system's sales.