Monday, August 07, 2006

Vista Hacked At Black Hat

While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system.

Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.

In the second part of her talk, Rutkowska explained how it is possible to use virtualisation technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.

"Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated," a representative for the software maker said. "In addition, we are working with our hardware partners to investigate ways to help prevent the virtualisation attack used by the Blue Pill."

At Black Hat, Microsoft gave out copies of an early Vista release for attendees to test. The software maker is still soliciting feedback on the successor to Windows XP, which is slated to be broadly available in January.

Rutkowska's presentation filled a large ballroom at Caesars Palace to capacity, even though it was during the last time slot on the final day of the annual Black Hat security confab in Las Vegas. She used an early test version of Vista for her research work.

As one of the security measures in Vista, Microsoft is adding a mechanism to block unsigned driver software from running on the 64-bit version of the operating system. However, Rutkowska found a way to bypass the shield and get her code to run. Malicious drivers could pose a serious threat because they run at a low level in the operating system, security experts have said.
