Slashdot Mirror


VBootkit Bypasses Vista's Code Signing

An anonymous reader writes "At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista's code-signing mechanisms. Indian security experts Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making on-the-fly changes in memory and in files being read. In a demonstration, the 'boot kit' managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista, even without a Microsoft signature. The demo was run on Vista RC2. The researchers say the only reason they didn't do it on Vista final was cost. Schneier blogged the exploit."

2 of 210 comments

  1. Re:Not a good week and it's only 1/2 over by Anonymous Coward · Score: 0, Flamebait
    Let's see...
    • VBootKit "bitch slaps Vista" -- you're obviously a fuckin genius... here's a clue: ANY malware that loads onto the computer first can (to use your vernacular) "bitchslap" any software that loads after it. This is a non-story. Even the guys who wrote this thing said (paraphrasing) "it just goes to show that if you have physical access to hardware, you can do whatever you want"... which is like, NetEngineer training day 1, hour 1 stuff (right after the "Hi my name is..." part of the course).
    • Anyone who actually lets a website install (a) Smilies or (b) Animated Cursors on their computer, pretty much deserves whatever happens to them.
    • Other Apple headline of the week: "Apple gets investigated by EU for iTunes Monopolistic Practices"
    • One popular HD-DVD Title doesn't work, sounds to me more like something anomalous done by the producer of that particular title.
    • Yet another B/S lawsuit brought by an American looking for a cash payout from a rich corporation. That whole thing is such complete crap it makes the McD's hot coffee suit look like serious legerdemain. First off, the stickers are accurate. Second, if the OEMs portray the computers that THEY'RE selling in a misleading way, then it's THEIR fault the customer was misled, not MS's. Third, most "consumer rights" in most of the US are based on the precept of "Buyer Beware". If you're a non-technical person and you're buying a PC, and you F-it-up b/c you couldn't bother doing a little research, well TFB, it's your own damn fault. This suit is so frivolous, that, if the justice system had any degree of rationality in it, I'd be surprised if it went anywhere. Being as it's an American tort court, logic and rationality have very little meaning though so she'll prolly get a payday out of it anyway...

      -AC
  2. Re:Is it just me that thought by Ash+Vince · Score: 0, Flamebait

    I have a feeling these people know a little more than you. :)

    --
    I don't read /. to RTFA, I read /. to offend people in ignorance.