Vista Secure? HA!

At the Black Hat Conference in Amsterdam, security experts from India demonstrated a special boot loader that gets around Vista's code signing mechanisms. Nitin and Vipin Kumar of NV labs have developed a program called the VBootkit that launches from a CD and boots Vista, making “on the fly” changes in memory and in files being read. In a demonstration, the “boot kit” managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista RC2 (build 5744), even without a Microsoft signature.

Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.

Read the full article at Heise Security.  I am reading more from MS developers that many of the flaws in Vista are due to the DRM that is built in at a very low level.  We'll never know for sure, but I am willing to bet that this has something to do with DRM.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.
