Vista Hacked At Black Hat

Posted by profdlp
Sunday, Aug 6th, 2006 at 1:00 pm in News

Perfect security measures are impossible to achieve, but let’s hope the final release of Vista is a little closer to the mark.

While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system.

Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.

And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.

MS: Buy Vista for the security

Source: ZDNet

10 Replies

1. 6 Aug 2006, 1:02 PM
   Kwitko

   Before the Windows bashers defile this thread, I would like to stress that no operating system is 100% safe. Millions of lines of code and you're bound to miss something somewhere.

2. 6 Aug 2006, 1:33 PM
   profdlp
   Quote:

   Originally Posted by KwitCo™ ...I would like to stress that no operating system is 100% safe...

   If it can be invented by the mind of man, it can be figured out by the mind of man.

   Unless that man is General Keebler.

3. 6 Aug 2006, 2:08 PM
   Thrax

   "...And in a last Alliance of Men, and Elves..."

   Er, sorry.

4. 6 Aug 2006, 3:15 PM
   Leonardo

   It should also be noted that Microsoft actually paid a sponsorship fee at this year's Blackhat convention. There were a couple MS corporate types there who formally invited convention attendees to test Vista and do their best to break in. I think that is good thinking.

   Oh yes, BTW, at the same convention OS-X was hacked into also. (Sorry for the generic terminology. I don't remember the details.)

5. 6 Aug 2006, 3:32 PM
   RWB
   Quote:

   Originally Posted by KwitCo™ Before the Windows bashers defile this thread, I would like to stress that no operating system is 100% safe. Millions of lines of code and you're bound to miss something somewhere.

   Not to mention this is still a beta product...

6. 8 Aug 2006, 3:57 AM
   CyrixInstead

   Wow this has turned into the "let's forgive Microsoft" thread!

   ~Cyrix

7. 8 Aug 2006, 10:48 AM
   WuGgaRoO

   hey they have bumbleded before and they will bumble again..need i remind u of one of the first win98 runs where the blue screen of death came up...

8. 8 Aug 2006, 11:13 AM
   airbornflght

   I was surprised M$ went to blackhat, though it is a good idea, cause the best people in the world are there.

9. 9 Aug 2006, 2:39 PM
   GrayFox
   Quote:

   Originally Posted by Leonardo It should also be noted that Microsoft actually paid a sponsorship fee at this year's Blackhat convention. There were a couple MS corporate types there who formally invited convention attendees to test Vista and do their best to break in. I think that is good thinking. Oh yes, BTW, at the same convention OS-X was hacked into also. (Sorry for the generic terminology. I don't remember the details.)

   The wi-fi driver was exploited nothing new there.

10. 9 Aug 2006, 2:44 PM
    Thrax

    No, it was something new. It's the first time someone has been able to successfully launch an attack at a PC via a wireless device without even having to contend with WEP, WPA or MAC filtering.