Slashdot Mirror


VBootkit Bypasses Vista's Code Signing

An anonymous reader writes "At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista's code-signing mechanisms. Indian security experts Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making on-the-fly changes in memory and in files being read. In a demonstration, the 'boot kit' managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista, even without a Microsoft signature. The demo was run on Vista RC2. The researchers say the only reason they didn't do it on Vista final was cost. Schneier blogged the exploit."

7 of 210 comments (clear)

  1. Boot Sector Virus by w128jad · · Score: 5, Insightful

    Are we about to see the dawn of a new day for the Boot Sector Virus?

    --
    w2^7me out.
  2. and in a related story... by Ferzerp · · Score: 3, Insightful

    "hacker" uses a boot disk in linux and wipes the root password!!!

    Why is this a story? Physical access (needed to boot from an alternate source) has always been root access.

  3. Re:Is it just me that thought by Sancho · · Score: 5, Insightful

    They probably did--that's probably why they are confident that it would work on there. They just don't want to actually claim success since it was done illegally.

  4. if you have physical access to the system... by dioscaido · · Score: 4, Insightful

    ...enough to do things like boot up the machine using alternate media, then the battle is essentially lost, no?

  5. easy to miss the point here by eerok · · Score: 5, Insightful

    Many are seeing this as a security exploit, but it seems to be a workaround to gain usability.

    Interesting reversal here, but one can argue that, with Vista, the user is the virus. No surprise that people are fighting back to regain control over their machines.

    --
    "The happiness of credulity is a cheap and dangerous quality." -- George Bernard Shaw
  6. Re:Hmmmm... by Opportunist · · Score: 3, Insightful

    Umm... blow it to pieces?

    I forsee that this exploit will be less used for traditional attack rootkits, it seems more like a very convenient way to get rid of all the unwanted 'security features' (read: the ones that protect the makers of your content instead of you) of Vista.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. But what ... is it good for? by Opportunist · · Score: 5, Insightful

    Many have pointed out that an attack vector that requires the attacked user to jump through a few hoops is none. This is not entirely true, but I'll cover that later.

    What this is, though, is a way to gain more control over your machine. This matter has been discussed as an attack vector of some intruder trying to take over your machine. As this, it is probably not the most successful way of invading Vista (let's face it, folks, there are far easier ways). I'd like to shine some light on the opportunity of invading your own machine.

    Vista has some "features" that most people would just love to get rid of. And this seems to be the key to this goal. So I'd say this is less a way for someone to take control of your machine, more likely it's a way for you to take control of it.

    Of course, and here's your attack vector, the vast majority of people don't know what's ticking inside their box. They just wanna play their cracked games and view their ripped movies. And (bless the internet), they will learn about this hack and that it can be used to do just that. Being unable to rewrite the bits themselves, they will have to use tools provided by others. And they will very willingly jump through any hoops you present them, for the promise to get control over their machine, they'll give you admin access and reboot for you, they install whatever you want them to install.

    That's how this can be used to invade a machine. Sure, it takes a lot of help from the user, but the user will help you very willingly, for the promise of getting his machine back into his hands.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.