Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Hacking Challenge Answered

Posted by ryuzaki0 on from the still-some-work-to-be-done dept.

debiansid writes "Microsoft's most secure Operating System yet has been compromised at the Black Hat hacker conference. We all know that Andrew Cushman, Microsoft's director of security outreach invited the Black Hats over to touch and feel Vista in order to showcase the superiority of this OS. Joanna Rutkowska, from Coseinc, a Singapore-based security firm, obliged and showed how it is possible to bypass security measures in Vista that prevents unsigned code from running with the help of a little software she calls the 'Blue Pill.'" To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.

7 of 388 comments (clear)

  1. Would they tell anyway? by Alcimedes · · Score: 4, Interesting

    So if you're a black hat and you've found a new, as yet undiscovered hole in Vista, would you really go running to MS to tell them all about it so they can patch it?

    Or would you keep it to yourself in hopes that the final release will still contain the hole so you can pwn millions of new adoptors?

    1. Re:Would they tell anyway? by twofidyKidd · · Score: 5, Interesting

      More interestingly, will MS actually patch it, even with complete knowledge of the hole? If it further delays Vista's release (because of potentially complex code organization, or other roadblock), they might not even bother until later.

      --


      Hades, PoD: Official Advocate
    2. Re:Would they tell anyway? by Anonymous Coward · · Score: 4, Interesting

      They won't patch it because they can't. The software is really quite clever--it uses the hardware-based virtualization capabilities in newer AMD processors to move the currently running operating system into a VM (on the fly--no reboot!). Everything looks the same to the OS (no intermediary drivers like with VMWare, Virtual PC, et. al.)

      The software doesn't rely on a vulnerability in the OS, but rather a feature of the hardware... it could be ported to Linux/BSD/whatever quite easily.

    3. Re:Would they tell anyway? by jd · · Score: 5, Interesting
      No, the Black Hat wouldn't tell them about the hole. Well, not per-se. Not if there was some way of tricking Microsoft into thinking it was fixed, whilst leaving the Black Hat a back-door into everybody's systems. One way to do this would be to try and persuade Microsoft that only a subset of the values that would break security are a problem. Social engineer both the fix and the buglist. That way, if the Black Hat is ever detected, there's a good chance Microsoft will deem it a fixed bug and blame the victim, rather than investigating further.


      One of the dangers in hiring or consulting Black Hats who are any good is that 99% of security is all about social engineering - both the defence and the offense. Because of this, it is utterly impossible to distinguish between someone actually securing your systems and merely persuading you they have done so. Grey Hats will have basically the same social engineering skills but are more likely to teach you what to avoid, than to use those skills against you. This is not to say that Black Hats will always work against you - that's bad for business. All you can say is that what makes someone a Black Hat as opposed to a Grey Hat is that they wouldn't be opposed to doing so, and you'll never know.


      Oh yeah - I mentioned the use of social engineering in the protection of a system. The defences in any system will always be breakable with enough time and effort, so the only truly secure system is one that can socially engineer the attacker into believing that they have either already succeeded long before they really have or that there's nothing alive and listening for them to attack. Under no circumstances should obscurity be used as a substitute for social engineering. Obscurity hides what is important except to an attacker who has figured the obscurity out - which means that it can be used against the defender far more effectively than against the attacker. Social engineering hides nothing, it merely helps someone to see what they want to see. Because it hides nothing, it cannot be used against you, the worst possible case is that it'll cease to be as effective.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  2. question by spykemail · · Score: 5, Interesting

    The real question is: will elevating oneself to administrator become common practice or not? If admin land stay reserved for the likes of Slashdot, then problems like this will probably be greatly reduced. But that assumes that the difficulty in setting up an admin account isn't worth it for most people.

    --
    Haiku for you!
  3. Comment removed by account_deleted · · Score: 4, Interesting

    Comment removed based on user account deletion

  4. Missing the point about "Blue Pill" by etresoft · · Score: 5, Interesting
    People hack a MacBook using 3rd party hardware and software that they won't reveal, then claim the hack would also work on hardware they didn't demonstrate, then claim Apple "leaned on them" to keep the details secret. Suddenly, Macs have no more security. TFA didn't go into enough detail about the "Blue Pill". It wasn't really a hack in the same sense. It was a proof-of-concept to insert a rootkit into an x64-based OS without hacking. To quote the original author,
    I would like to make it clear, that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run on x64 platform.
    People aren't worried about how to hack into Vista, they are working on brand new exploitation architectures using Vista. I have read elsewhere where Vista appears to have a TCP/IP stack designed from scratch. It includes all new implementations of the bugs that have been fixed over the past 15 years in all the other OSes.