Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Show How To Take Control of Windows 7

Posted by CmdrTaco on from the hey-wait-a-minute dept.

alphadogg writes "Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. 'There's no fix for this. It cannot be fixed. It's a design problem,' Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely." Which makes me wonder why I'm posting this :)

9 of 325 comments (clear)

  1. To recap... by xmarkd400x · · Score: 2, Funny

    You need full, physical control of a computer running Windows 7 in order to get software access to it?

  2. Re:YOU weren't posting, ken dawson was by negRo_slim · · Score: 1, Funny

    Having physical access to the box kind of takes away all the fun...

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
  3. sheeeet, negro. that's all you had to say! by gandhi_2 · · Score: 5, Funny

    This is contrasted with Mac OSX which uses a combination of Gracie-style Brazilian Jiu Jitsu, Hapkido, and oratorical prowess to keep would-be haxors at bay while the police are enroute. Or the Linux lack of social skills which avoids "physical access" altogether.

    --
    THL phish sticks
    1. Re:sheeeet, negro. that's all you had to say! by RoboRay · · Score: 2, Funny

      Are you kidding? All I need to hack your system is a razor blade and a roll of masking tape!

  4. Re:YOU weren't posting, ken dawson was by VisualD · · Score: 3, Funny

    Also restarts kill it. This is Windows we're talking about here...

  5. Re:Yes, why post this? by greenguy · · Score: 4, Funny

    OK, they're claiming that if they have physical access, they can take control while it boots.

    Sounds like they simply waited for it to finish booting. Ta-dah! They have control of it!

    --
    What if I do the same thing, and I do get different results?
  6. Re:I cannot believe it... by MyLongNickName · · Score: 4, Funny

    Hi. I see you are making fun of a "security vulnerability". This vulnerability involves being physically present at a PC and being able to boot it. This is a security vulnerability in the same way that my house is insecure to folks who I invite over for dinner.

    You obviously have no clue, and I would recommend not posting in security vulnerabilities discussions any more.

    kthxbai.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  7. Re:Physical Security is a big issue by Anonymous Coward · · Score: 1, Funny

    If someone has physical access to your computer, you've already lost.

    Not really. My box has a nice chunk of C4 explosive inside it. Three failed login attempts and you're gone.

  8. Re:YOU weren't posting, ken dawson was by home-electro.com · · Score: 3, Funny

    This is a very old news. A similar article was posted about a year ago. New guy - same shit. The attacker needs a physical access to the PC, which is absolute no-fair. Why the fukc you need to fuss around, when you just can take the whole thing home?

    The same can be said about any OS -- if you allowed to mess with its files, you can make a rootkit. How dumb one have to be to make a story out of this nonsense?

    OMG, "There is no fix for this, it is a design problem". You damn right, it is a design problem. IN YOUR HEAD.