
"Unfixable" Win7 exploit


  • "Unfixable" Win7 exploit

    Link....

    Researchers demonstrate "unfixable" Windows 7 exploit

    By Jose Vilches, TechSpot.com
    Published: April 24, 2009, 5:59 PM EST

    Researchers at a recent hackers' conference in Dubai have demonstrated what they claim is an unfixable exploit for Microsoft’s upcoming operating system. Apparently, they've found a way to gain control of a Windows 7 machine during the boot up process through the use of a tiny 3KB program dubbed VBootkit 2.0. Since no data is altered on the drive itself, it is hard to detect and of course even harder to remove.

    Once loaded, an attacker could potentially change passwords, access protected files, or do just about anything else remotely and then leave without a trace. Unlike most exploits out there, VBootkit 2.0 can't be installed remotely, so an attacker would need physical access to a machine in order to compromise it. Moreover, rebooting the computer gets rid of the security threat, as system memory is cleared during the process.

    Its severity is debatable, then, considering it can’t automatically spread through the web. However, it could be a concern for businesses and people using computers in public places. Microsoft hasn't commented on the exploit, but its creators say the problem stems from Windows 7’s assumption that the boot process is immune from attacks. It’s a design problem, they claim, one that cannot ever be fixed.
    Dr. Mordrid
    ----------------------------
    An elephant is a mouse built to government specifications.

    I carry a gun because I can't throw a rock 1,250 fps

  • #2
    The catch is that you have to have physical access to the system. Honestly, if a skilled computer tech gets their hands on your system there are few things you can do short of whole drive encryption to break into your system.
    “Inside every sane person there’s a madman struggling to get out”
    –The Light Fantastic, Terry Pratchett

    • #3
      Yes quite. But I think the point is, he would spike the machine, then go and finish remotely, hoping no-one rebooted, or having deactivated the possibility of rebooting or turning the machine off...

      It can be done with Linux too probably....and Mac
      PC-1 Fractal Design Arc Mini R2, 3800X, Asus B450M-PRO mATX, 2x8GB B-die@3800C16, AMD Vega64, Seasonic 850W Gold, Black Ice Nemesis/Laing DDC/EKWB 240 Loop (VRM>CPU>GPU), Noctua Fans.
      Nas : i3/itx/2x4GB/8x4TB BTRFS/Raid6 (7 + Hotspare) Xpenology
      +++ : FSP Nano 800VA (Pi's+switch) + 1600VA (PC-1+Nas)

      • #4
        Or maybe use another piece of software as a carrier?
        "For every action, there is an equal and opposite criticism."

        • #5
          How can it load during boot AND not require any file changes?
          That doesn't make sense to me.
          Chuck
          秋音的爸爸

          • #6
            If you have physical access to a system, reading out the contents of the RAM is trivial. This is how law enforcement can read out the encryption key to 'unbreakable' full drive encryption through FireWire ports, PCMCIA, or any other physical interface that allows direct memory access if the OS is running (even when the OS is in a 'locked' mode).

            So imo the main problem with this is that operating systems need, rather than to prevent these exploits (which most likely is futile), to be able to warn the user that the system has been compromised.
            Last edited by dZeus; 1 May 2009, 01:30.

            • #7
              How is this not a possible "exploit" for ANY general purpose operating system?
              Why Windows 7 in particular?
              Chuck
              秋音的爸爸

              • #8
                It attracts media attention?

                • #9
                  OMGS! WINDOW$ 7 I$ FR0M MICRO$$$$$$$OFT! WE MU$$$$$$$T REPORT IT IS EXPLOITABLE! OMGOMGOMGOMGOMGOMGOMGOMGOMGOMGOMGOMGOMGOMG!!!!!!!! !!11111one

                  This is an exploit for EVERY OS.

                  Plus, I can already hack any Windows box ever made if I have physical access.
                  The Internet - where men are men, women are men, and teenage girls are FBI agents!

                  I'm the least you could do
                  If only life were as easy as you
                  I'm the least you could do, oh yeah
                  If only life were as easy as you
                  I would still get screwed

                  • #10
                    When someone gets physical access to a system to hack it I think there are other more effective methods to steal or manipulate data. Plus that one can only make use of this "problem" as long as the PC isn't rebooted.
                    In my opinion it's more dangerous to believe that 100% security exists.
                    Asus H97 Pro Gamer| Intel i5 4690K| Noctua NH-U9B SE2 | Gigabyte GTX 1060 Windforce 3GB | Soundblaster ZxR | 8 GB Kingston HyperX Genesis DDR3 1600| LG 24 MP88HV-S

                    • #11
                      Code could be injected at boot-time into the shadow copy of the BIOS in RAM.
                      That is simply the end of the idea of any kind of security if a bad guy has access to the physical machine.
                      After all, if the bad guys have access to the machine they could take the hds and crack anything on them at their leisure.
                      Chuck
                      秋音的爸爸

                      • #12
                        MS should release a patch immediately, it should secure my home so no one can get physical access!!

                        • #13
                          How it was told by MS?
                          The most secure system ever?

                          • #14
                            Originally posted by traveller:
                            How it was told by MS?
                            The most secure system ever?

                            I vote for ban. Read the posts. Linux is actually MORE affected by this patch, because people running Linux think that it's invulnerable.

                            Did we mention that MacOS can also be hacked this way?
                            The Internet - where men are men, women are men, and teenage girls are FBI agents!

                            I'm the least you could do
                            If only life were as easy as you
                            I'm the least you could do, oh yeah
                            If only life were as easy as you
                            I would still get screwed

                            • #15
                              Don't be such an ass-hat Jason. Everybody knows that open source per definition is safer to use than M$ products.

                              Not to mention that the fact that MS Office 2007 recently acquired capability to produce Open document format Excel sheets that are completely incompatible with other products that use ODF is not at all related to the ODF specifications.
