Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Vista Hacking Challenge Answered 388

Posted by ScuttleMonkey
from the still-some-work-to-be-done dept.
debiansid writes "Microsoft's most secure Operating System yet has been compromised at the Black Hat hacker conference. We all know that Andrew Cushman, Microsoft's director of security outreach invited the Black Hats over to touch and feel Vista in order to showcase the superiority of this OS. Joanna Rutkowska, from Coseinc, a Singapore-based security firm, obliged and showed how it is possible to bypass security measures in Vista that prevents unsigned code from running with the help of a little software she calls the 'Blue Pill.'" To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.
This discussion has been archived. No new comments can be posted.

Vista Hacking Challenge Answered

Comments Filter:
  • by Alcimedes (398213) on Monday August 07, 2006 @06:14PM (#15862422)
    So if you're a black hat and you've found a new, as yet undiscovered hole in Vista, would you really go running to MS to tell them all about it so they can patch it?

    Or would you keep it to yourself in hopes that the final release will still contain the hole so you can pwn millions of new adoptors?
    • by twofidyKidd (615722) on Monday August 07, 2006 @06:19PM (#15862449)
      More interestingly, will MS actually patch it, even with complete knowledge of the hole? If it further delays Vista's release (because of potentially complex code organization, or other roadblock), they might not even bother until later.
      • by rifftide (679288) on Monday August 07, 2006 @07:06PM (#15862761)
        Now this is really cynical - but they may have planned it this way. It looks like Vista may blow by even the latest (January 2007) deadline to resolve a raft of useability bugs, and this gives them the perfect cover to extend the ship date without looking totally inept. "We were ready to RTM at the end of 2006 but some late-breaking vulnerabilities were discovered, and we decided we couldn't take chances with the security of our customers' systems."

        This is not just a matter of losing face. If the Windows team blows the revised date by several months (say April or later) AND it ships what is considered to be a lackluster product, many people will start considering the Windows codebase as a sustaining mode project. They will assume that Microsoft is busy preparing a brand new code base (based on FreeBSD plus .NET and DirectX, let's say) to debut five years from now, and will work out a transition plan for Win32 apps. Windows will be a lame duck in the minds of both customers and MS engineers. Alternatives will be sought.

      • by Anonymous Coward on Monday August 07, 2006 @08:00PM (#15863002)
        They won't patch it because they can't. The software is really quite clever--it uses the hardware-based virtualization capabilities in newer AMD processors to move the currently running operating system into a VM (on the fly--no reboot!). Everything looks the same to the OS (no intermediary drivers like with VMWare, Virtual PC, et. al.)

        The software doesn't rely on a vulnerability in the OS, but rather a feature of the hardware... it could be ported to Linux/BSD/whatever quite easily.
        • by andreyw (798182) on Monday August 07, 2006 @11:12PM (#15863765) Homepage
          If you paid attention, you'd realize you can't use SVM facilities without being in ring-0. Now how she got her payload from ring-3 to ring-0? That's the security hole.
          • by Anonymous Coward
            RTFA. "She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control."

            There's also the description on her blog [blogspot.com], which states, "I would like to make it clear, that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run o
    • by pedantic bore (740196) on Monday August 07, 2006 @06:19PM (#15862450)
      I'd try to trick them in to rewriting some crucial piece of the security infrastructure at the last possible minute. That way, I'd never run out of new holes to fine.

      Perhaps I'd do this by smiling and saying that the OS was so secure that I couldn't find anything wrong with it and recommending, no, begging that they ship it in exactly its current form.

    • If you're a truely vile blackhat, you'd probably go for choice #2.

      Most of these people at the blackhat con aren't of ill intent, though. They're just hackers who won't let microsofts convenience get in the way of their fun.

      Besides, with Microsofts history, I'd say it's pretty unlikely this hole will be patched if vista comes out before 2008. They certainly didn't patch any other verison of windows with that kind of speed.
    • by jd (1658) <imipakNO@SPAMyahoo.com> on Monday August 07, 2006 @11:37PM (#15863865) Homepage Journal
      No, the Black Hat wouldn't tell them about the hole. Well, not per-se. Not if there was some way of tricking Microsoft into thinking it was fixed, whilst leaving the Black Hat a back-door into everybody's systems. One way to do this would be to try and persuade Microsoft that only a subset of the values that would break security are a problem. Social engineer both the fix and the buglist. That way, if the Black Hat is ever detected, there's a good chance Microsoft will deem it a fixed bug and blame the victim, rather than investigating further.


      One of the dangers in hiring or consulting Black Hats who are any good is that 99% of security is all about social engineering - both the defence and the offense. Because of this, it is utterly impossible to distinguish between someone actually securing your systems and merely persuading you they have done so. Grey Hats will have basically the same social engineering skills but are more likely to teach you what to avoid, than to use those skills against you. This is not to say that Black Hats will always work against you - that's bad for business. All you can say is that what makes someone a Black Hat as opposed to a Grey Hat is that they wouldn't be opposed to doing so, and you'll never know.


      Oh yeah - I mentioned the use of social engineering in the protection of a system. The defences in any system will always be breakable with enough time and effort, so the only truly secure system is one that can socially engineer the attacker into believing that they have either already succeeded long before they really have or that there's nothing alive and listening for them to attack. Under no circumstances should obscurity be used as a substitute for social engineering. Obscurity hides what is important except to an attacker who has figured the obscurity out - which means that it can be used against the defender far more effectively than against the attacker. Social engineering hides nothing, it merely helps someone to see what they want to see. Because it hides nothing, it cannot be used against you, the worst possible case is that it'll cease to be as effective.

  • by mcguiver (898268) on Monday August 07, 2006 @06:14PM (#15862423)
    show me the average home user who doesn't runs XP as administrator. Do they think that anything is going to change for Vista?
    • by twofidyKidd (615722) on Monday August 07, 2006 @06:16PM (#15862440)
      I posted a similar comment mere seconds after yours. Bet I win with the most "redundant" down mods.
    • by DrDitto (962751) on Monday August 07, 2006 @06:17PM (#15862442)
      show me the average home user who doesn't runs XP as administrator. Do they think that anything is going to change for Vista?

      Yes, it is going to change for Vista. The default user will not have admin privileges.
      • But they'll change that as soon as they need to install some drivers etc.
        • Vista's security scheme works like sudo or the OS X admin password dialog. You're out of your element.
        • by Reverend528 (585549) on Monday August 07, 2006 @06:30PM (#15862527) Homepage
          But they'll change that as soon as they need to install some drivers etc.

          Short term administrator usage to install a driver isn't that big of a threat. The real problem will be legacy applications that won't run without administrator priviledges. That's what keeps most people from running everything as a user.

          • by tcc3 (958644) on Monday August 07, 2006 @06:52PM (#15862666)
            Legacy apps my ass. I've seen plenty of new, professional grade software that is hamstrung by user level permissions. Sometimes Power User wont even satisy. Sloppy development is a big problem.

            You shouldnt be allowed to say "NT/2k/Xp compatible" if your software cant correctly handle user permissions.
          • Although file and registry virtualization does make many legacy apps work fine. It doesn't fix the ones that needlessly checked directly for the administrator group being enabled in the token, but apps that write to system32 and program files and all work fine as a user now with virt.
          • Until those legacy apps break or run in a VM I doubt they have addressed security in any meaningful way. The same for games with copy protection that roots your system (i.e. Starforce).

            There's a lot of unbelievably bad Windows code out there. If most of it runs without a hitch have they really fixed anything?
      • I've been using the Beta for a while now and what this low priveleged account amounts to is a dialog popping up when elevated privaleges are required and asking "Do you want to continue?". My understanding is you can now call CreateProcess such that it will load this dialog if elevated privaleges are needed.

        Yes it's a great way to alert a knowledgable user that some background process may be playing where it doesn't belong but I still see thousands of end users blindly clicking "Continue" as with the old Ac
      • All Microsoft would have to do to prevent home users from runiing as Admin would be to put a check in MS Office and IE to make both of them fail to run on any admn account or possable put up a big ugly dialog box "You ar running as admin, Continue?, Are you sure? Really continue?" If these came up every 5 minutes people would not run as Admin but could still swtich over now and then. One other Idea would be to make the admin account aauto logout after 10 minutes. Lot of things they could have done.
        • Spend more time and work to make the OS intentionally and pointlessly annoy the user? No.

          If you wanted to take this approach, all you'd need to do is make it a bit scary. Hide the Admin account away, and maybe do something like Safe Mode, putting "Administrative Mode" in big ugly systemtype in the four corners of the screen. That, and make it so people rarely need to run in Admin mode.
        • All Microsoft would have to do to prevent home users from runiing as Admin would be to put a check in MS Office and IE to make both of them fail to run on any admn account or possable put up a big ugly dialog box "You ar running as admin, Continue?, Are you sure? Really continue?"

          That approach has been taken by some minor software projects - by preventing use of the root account. This takes the wrong approach to security - it enocurages lax code under the false assumption that it couldn't possibly inflict

    • Actually, if you had read just a little bit about Vista before writing a useless post, you'd know that yes, all this will change under Vista. The administrator account is disabled by default and people will have to use limited accounts.
    • Yes, it WILL change if microsoft stops assuming that everyone can act as a full administrator, which they're going to do based on the latest beta.

      http://www.anandtech.com/systems/showdoc.aspx?i=27 80&p=7 [anandtech.com]

      The above article details a new "User Account Control" system. From TFA: "The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that com
    • Yes. The true administrator account is hidden and disabled by default. Most people won't even know it's there, and you have to go through a rigmarole to enable it if you really want it (these a how-to guide at http://www.computerworld.com/action/article.do?com mand=viewArticleBasic&articleId=9001970 [computerworld.com]). The "administrator" account that Vista creates by default is actually a standard user that can temporarily elevate to admin privelages on a task-by-task basis -- that's what UAC is about.
    • Do they think that anything is going to change for Vista?

      One reason users run with administrative privileges in XP is because the XP setup it requires you to create a new user, and that user is given admin rights. Thus, the 'bob' user account that Bob made for his everyday use is an administrator, whether he knows it or not. Users get accustomed to having free reign over their systems and being able to make changes and install software without authenticating that it becomes the norm. In addition, there is a
      • the 'bob' user account that Bob made for his everyday use is an administrator, whether he knows it or not

        Yup. People here are talking like "the darned user" is going to choose to run administrator. Most probably, administrator privileges is what the local Nerd Brigade outlet handed them. The behavior that has to be changed is at the retailer's shop. If Vista will get Windows techs to do an "su" instead of running admin, that is fine.
  • by twofidyKidd (615722) on Monday August 07, 2006 @06:14PM (#15862427)
    Unfortunately, I think it's been established that many "average" users run in that mode, regardless of security concerns. I wonder if Vista will be an exception to this.
    • by TWX (665546) on Monday August 07, 2006 @06:29PM (#15862524)
      That's because they have to run as a member of the Administrators group in order to do fairly mundane tasks like install software or make use of otherwise-mundane consumer hardware.

      I've had accounts on POSIX-compliant systems for years. I've found that with only user-level access I'm quite able to compile or install applications for my own user account in my own home directory without much difficulty, and still maintain the system integrity. As long as Microsoft holds on to the registry they'll never achieve such.
      • by OverflowingBitBucket (464177) on Monday August 07, 2006 @10:36PM (#15863626) Homepage Journal
        That's because they have to run as a member of the Administrators group in order to do fairly mundane tasks like install software or make use of otherwise-mundane consumer hardware.

        Bingo.

        I've tried, I've tried so hard to get my family to run using user-level accounts. It doesn't work. I don't live with them, so at least one needs an account with Admin rights. The others get the password (usually by asking), and then reelevate themselves. They aren't doing it to spite me. When some games won't run without admin, they can't burn CDs, so forth, they will find a way to make it work. Security? What's that? They don't care. If they can't play games, or burn CDs, they don't care about security.

        I know it is nice and easy to blame developers. True, they should do better. Heck, the first two release versions of my software didn't run properly as a user under Windows either (be gentle, I didn't have XP then). But if you want developers to behave, it has to cost them if they don't. The admin-by-default situation in Windows is ludicrous. They took a step in the right direction with user accounts in XP, but with the default installation forcing the first user account to be admin, and then not letting you de-admin the account, makes the step almost pointless.

        When default users run as an ordinary user with a pretty graphical sudo, and the OS blocks running apps as administrator without some sort of painful confirmation process (eg. whitelist), and developers have access to decent commandline or API sudo and security equivalents, then developers will behave and make damn sure their app runs as an ordinary user.

        Legacy apps will break unless some sort of layer is put in to make it look like the app does have arbitrary permissions to do fun stuff like write into its installation directory or the top level of a drive. I've heard Vista does some of this funky stuff (I'd check if the a__holes at Microsoft actually let me get their beta version of Vista- another story), which I hope is true.

        Microsoft got themselves into this mess and they have nobody to blame but themselves (despite the way they love to blame third parties for their sloppy OS). They can dig their way out if they choose. It won't be easy, but give them a decade and they'll be where Unix was a decade ago. ;) Perhaps Vista will be another step in the right direction. Or maybe it will be another case of dialog overkill that does nothing for true security. Who knows?

        Personally I'm not too stressed one way or the other. I don't use Windows unless I absolutely must, and whilst it is a worm-ridden crash-prone security nightmare it does mean there will be work available to clean up the mess. The target market of my software mostly runs on Windows though, so I do have to keep aware of what is going on. It would be nice if they cleaned up their act, as it makes my work easier.
  • Hypocrites (Score:3, Insightful)

    by Umbral Blot (737704) on Monday August 07, 2006 @06:18PM (#15862447) Homepage
    Lets see how long it takes for slashdot readers to swing into full hypocrisy mode. Specifically mocking windows because it is vulnerable to users running insecure software in administrator mode when every other OS has the exact same vulnerability. Of course windows users do have the unfortunate tendency to run as administrators, but 1- that is blaming the software for the problems of the user, and 2- Vista might be running in user mode by default.

    And no, before you ask, I am not a windows user, I am on a Mac PowerBook G4. I prefer the mac because it is easier to use and I am not a gamer, not because of some imagined speed or innate security edge over every possible windows product.
    • Re:Hypocrites (Score:4, Insightful)

      by swissmonkey (535779) on Monday August 07, 2006 @06:23PM (#15862477) Homepage
      Even better, not only has the tool to run in administrator mode to work, but additionally, the user has to click "Yes" in a dialog box warning him that this program is touching sensitive parts of the system(that's the UAC part).

      Now if that's a security issue, then I guess rm -rf / is an enormous security hole on Unix systems
    • Re:Hypocrites (Score:2, Informative)

      by SEMW (967629)
      >Vista might be running in user mode by default.

      Correct, it will. The true administrator account is hidden and disabled by default. Most people won't even know it's there, and you have to go through a rigmarole to enable it if you really want it (these a how-to guide at http://www.computerworld.com/action/article.do?com [computerworld.com] mand=viewArticleBasic&articleId=9001970). The "administrator" account that Vista creates by default is actually a standard user that can temporarily elevate to admin privelages
    • Re:Hypocrites (Score:2, Insightful)

      by TheUnknownOne (810624)
      Speaking as a linux user who happens to also use windows to play games, while yes running in administrator mode in windows is "technically" avoidable, in reality it isn't. It isn't avoidable for your average home user who isn't going to try and figure out how to get all of his programs working with the limited user accounts. Microsoft as well as the majority of developers of Windows applications do not make any effort towards the simplification of this process, and they are at fault, not the average compute
    • 1- that is blaming the software for the problems of the user

      That's not true. The reason "windows users have the unfortunate tendency to run as administrators" is because some software requires Admin priviledges to run properly! That being said, those applications and the OS itself are to blame.
    • Lets see how long it takes for slashdot readers to swing into full hypocrisy mode. Specifically mocking windows because it is vulnerable to users running insecure software in administrator mode when every other OS has the exact same vulnerability.

      I would agree with you, except that the hack was to run code that was unsigned when the OS was specifically designed with this security feature. If linux implemented something to prevent any executables from running that were not shipped from the distribution,

    • mocking windows because it is vulnerable to users running insecure software in administrator mode when every other OS has the exact same vulnerability.

      Well, yeah, but (1) Windows seems to have so much more insecure software than other OS's, and (2) a lot of that software is so eager to run yet more insecure software just to be "helpful" to the user (eg Word and Excel macros, email attachments, fun stuff in webpages, etc.)

      Having Vista default to user mode is a good thing -- it's nice to see Microsoft finally
  • by Anonymous Coward on Monday August 07, 2006 @06:18PM (#15862448)
    ...but the user has to PERMIT the program to run.

    Yes, many users are just stupid and will automatically click "yes" on things, but at that point it's their own damn fault. The hack won't work without the user letting it work.
    • I mean if I get you to run something as admin/root/whatever I can do whatever I want. I can own your system in any number of ways. If I do it with your knowledge (as in you clicked and chose to run the program) I fail to see how that's an exploit. The power to do what you want with a computer implies the power to break it. I can't very well give you full control over your own stuff, but not the control necessary to screw things up.

      Calling anything that requires manual user execution a "hack" seems to stretc
      • Obviously you haven't read what this thing is supposed to get past, because it's nothing to do with account privelidge escalation, it's more to do with DRM, it gets past their 'trusted computer' checks for cryptographically signed code by using virtual machine extensions in newer AMD processors to move the entire OS into a virtual machine, and so control it undetectably from the 'outside'.

        This isn't like getting someone to run your script as root, it's like getting someone to run your script as root from a
  • To be fair to MS (Score:5, Insightful)

    by walnutmon (988223) on Monday August 07, 2006 @06:22PM (#15862474)
    This article is a little slanted towards, "MS said you can't get into their OP, and black hats said, 'bitch please!'". But really, MS probably expected this, and was hoping that they could learn something from watching a collection of hackers test their system. The more problems that are caught now, the less when it is released.

    Microsoft doesn't care about impressing Linux users, they care about releasing something that A LOT of normal users can install and forget about. Every iteration they get more stuff right, and their operating system becomes better (except ME, that sucked dick).
    • It looks to me like compromising a box with superuser account. "Linux was hacked. To be fair, the target was running as root".
      • No, this is more like "target was running as root, on a device with the 'noexec' bit set to disable execution. This "hack" managed to sidestep that check". This was a compromise to their DRM system, not their account/privelidge system.

    • Every iteration they get more stuff right, and their operating system becomes better...

      Perhaps that's true in regard to security. But aside from a few right-click functions and totally new features like having CD-burner support built in, Windows XP with default settings is more difficult for a reasonably skilled user than Windows 2000. And it's for a very simple reason: Every iteration of Windows is more childish than the one before.

      Seriously, Windows is the AOL of operating systems—designe
    • by Anonymous Coward on Monday August 07, 2006 @10:57PM (#15863706)
      except ME, that sucked dick.

      once again, we're reminded of the importance of proper comma placement.
  • by rufusdufus (450462) on Monday August 07, 2006 @06:23PM (#15862479)
    She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control.

    Seems to me this 'hack' gets the cart before the horse. If you are able to run malicious software in administrator mode, you can do anything at all, not just compromise signed code authorization. Heck you could replace the whole OS. The point of security is to prevent unknown persons from being able to run malicious software in the first place.

  • ... how well does this superior security hamper productivity?
    The most secure computer system is one that is not turned on.
  • question (Score:5, Interesting)

    by spykemail (983593) on Monday August 07, 2006 @06:26PM (#15862503) Homepage
    The real question is: will elevating oneself to administrator become common practice or not? If admin land stay reserved for the likes of Slashdot, then problems like this will probably be greatly reduced. But that assumes that the difficulty in setting up an admin account isn't worth it for most people.
    • Re:question (Score:5, Insightful)

      by morgan_greywolf (835522) on Monday August 07, 2006 @06:51PM (#15862664) Homepage Journal
      The real question is: will elevating oneself to administrator become common practice or not?


      That depends on how many legacy programs require Administrator priveleges to even run. (Hint: a lot)
    • When the CEO's technophobe secretary demands that she not have to enter her password then, yea, the privileges will be elevated. They'll send a IT guy right over.
  • Blue Pill (Score:3, Funny)

    by frosty_tsm (933163) on Monday August 07, 2006 @06:29PM (#15862523)
    Nooo, take the Red Pill!
  • Hardware bug (Score:3, Informative)

    by diegocgteleline.es (653730) on Monday August 07, 2006 @06:31PM (#15862531)
    This "trick" uses a hardware bug, not a sofware bug, to exploit Vista. It should affect other OSes like Linux, Solaris, BSDs, etc.

    I'm not surprised that they focused on being able to break Vista. A nice marketing move for the "researcher" (like there're not papers that explain how virtualizing environments aren't 100% safe in the x86 architecture)
    • The basis of the vulnerability is that it modifies device drivers that get swapped out to the pagefile. It can then hook shellcode when the driver is instanciated, in this case allowing unsigned drivers to be loaded.

      You are probably thinking of the AMD hypervisor she discussed for designing Vista rootkits.

  • by brennz (715237)
    When exploits require administrator/root access in the first place in order to function, interest level drops to 0.

    This exploit-requiring-admin reminds me of another recent speech, namely http://www.defcon.org/html/defcon-14/dc-14-speaker s.html#Lin0xx [defcon.org] which was quite boring.

    *yawn*

  • So let's see, if you run an application as "Administrator" on a new Windows Vista machine (where users are not, by default, created as administrator accounts), that application could cause problems with the system or, if you will, "hack" the system (such an unclean word). How is this any different from sitting down at a Linux system with root access and running amok? Are root accounts inherently more secure than administrator accounts, or am I missing something here? At least on the Vista machine, a noti
    • Could it be because close to 90% of all Winboxen run in Administrator mode? That is the default in every version before Vista. It will get changed to Admin by most regular users to install something and left there in Vista. The users don't understand and not enough people who do have a clue are teaching them.
      • You know, 100 years ago the automobile had a lot of problems too. Let's call all modern cars crap because the transmission still goes bad despite the fact that it goes bad 100,000 miles later than it did initially.

        Are you seriously reading what you're writing? Sorry, but 90% of corporate America does not nor even needs to run as admin. For those that do, think home PCs they have the runas option which is just like sudo so what's the problem? Maybe because all those lazy developers made programs for Window

    • "How is this any different from sitting down at a Linux system with root access and running amok?"

      Because linux (without something like selinux) isn't designed to not let you run unsigned code in ring0. Vista is. Yet by using this security hole, you can push unsigned code into ring0. Therefore, it is only as secure as linux; their extra security requiring cryptographically signed binaries to run in ring0 didn't work.

    • Are root accounts inherently more secure than administrator accounts

      Of course not - the entire point is that you have full and absolute control to be able to change anything. The difference between multi-user systems and systems with a single user legacy is that you should only need root access to set things up - even your system services run as different users without full root priveleges. MS Windows 2k,XP,2k3 suffers from having people with the single user idea turn up from the Win98 side and mess thing

  • by SafariShane (560870) on Monday August 07, 2006 @06:38PM (#15862587)
    From the article...

    Reportedly, Vista is the first Microsoft products [sic] that the company is sending through its "Security Development Lifecycle", which aims at getting rid of all security vulnerabilities before shipping.

    Begs the question(s)...

    1. Why didn't microsoft try to get rid of all security vulnerabilities in other releases prior to shipping?

    2. Who at microsoft would even claim such a thing?

    Most security experts understand that 'security' is an arms race. I for one would rather measure the security of an os by the mean time between discovery and patch implementation. Microsoft is half right, they have the most vunerabilities because they are the dominant os, thus the biggest target. (yes, I know it's easier to hack ms, but that's not my point here) Even if Vista is far more secure and much harder to hack, if it has the largest install base it will have the most vunerabilities.

    I take issue with this part of the artice...

    She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control.

    Since when did that make any bit of difference? Hackers have been using social engineering tricks since they were called phreakers. And most people forget that it's purely a numbers game. They don't expect every end user to fall for an email titled "i love you" or "free pron". But, a small percentage will take the blue pill, and some of them will even switch to admin mode when the cute little screen saver they won for being the 500,000th visitor to some domain misspelling.

    Getting rid of ALL venerabilities? Ha, not even cutting the network cable could do that. There is always sneakernet. I for one want to run a system where zero day vunerabilites are just that, around for zero days.
    • 1. Why didn't microsoft try to get rid of all security vulnerabilities in other releases prior to shipping?

      The same reason Microsoft doesn't try to get rid of security vulnerabities in MS-Dos and Windows 3.11. It's considered "don't-even-bother", as those computers just barely got a hard drive and adding user-accounts would massivly break 99% of existing applications.

      BTW, OpenBSD didn't remove every security vulnerability either, as demonstrated by the new class of attack that was recently discovered. T

  • by Poromenos1 (830658) on Monday August 07, 2006 @06:39PM (#15862591) Homepage
    This contest doesn't make sense, if they find a vulnerability, it's some bad PR, but, well, how many vulnerabilities have been found and patched for XP? If they don't, it still doesn't mean it's unhackable, it just means they need more time.

    The only case where they DO work is when you're asking people to crack encryption, and then it's only CRACKING it that proves something, saying that noone could crack it doesn't mean it's uncrackable.
  • Hmmm.

    As I read it, Microsoft has declared that as of their next release, they simply won't allow unsigned drivers and other kernel-level code to run. Which, according to quite a few hardware vendors, means enough expense to be prohibitive; those same vendors today simply provide instructions to ignore "this code isn't signed" warnings.

    Well, this hack lets those vendors continue as they bear.

    The posts about "well, DUH! you need admin privs" is beside the point because driver (etc) installations always

  • freeware? (Score:3, Interesting)

    by colmore (56499) on Monday August 07, 2006 @06:52PM (#15862667) Journal
    So does this mean I'm going to need to be in administrator mode to run free software?

    Since just about everyone runs one or two pieces of free software (Windows isn't capable of very much out of the box) doesn't this mean that *everyone* will still be running in administrator mode?
  • Visual Studio has to run in admin mode. Okay, IFF you want to use the debugging facilities you need to be an admin. But how often would you not want to use the debugging facilities when you're developing code? And how many developers are only going to use admin mode when they need to do some debugging? Perhaps this will be fixed in the first version of VS for Vista. I wouldn't risk much of my annual income on it.
  • by etresoft (698962) on Monday August 07, 2006 @07:18PM (#15862825)
    People hack a MacBook using 3rd party hardware and software that they won't reveal, then claim the hack would also work on hardware they didn't demonstrate, then claim Apple "leaned on them" to keep the details secret. Suddenly, Macs have no more security. TFA didn't go into enough detail about the "Blue Pill". It wasn't really a hack in the same sense. It was a proof-of-concept to insert a rootkit into an x64-based OS without hacking. To quote the original author [blogspot.com],
    I would like to make it clear, that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run on x64 platform.
    People aren't worried about how to hack into Vista, they are working on brand new exploitation architectures using Vista. I have read elsewhere where Vista appears to have a TCP/IP stack designed from scratch. It includes all new implementations of the bugs that have been fixed over the past 15 years in all the other OSes.
    • Seems to me that combining "Blue Pill" with the WiFi driver hack would produce a truly nasty piece of malware.

      Think about it: If you ever turn on the WiFi system on a machine with a vulnerably driver it can be sliently infected wirelessly with malware that would, from then on, run the OS and its herd of applications in a virtual environment within which it can not even DETECT that it has been compromosed.
  • ...I'd be willing to bet that most people run their computes with Admin accounts.

    It's too much fo a hassle to deal with the "You can't do that, log out, log in as admin, do that, log out, log back in as yourself" for most people. Hell, I KNOW what the hazards are, but I sitll do it.

    Saying "It's only insecure when you run as administrator" is like saying "It's only dangerous when you smoke the cigarettes". Of course it's only dangerous that way, but that's not stopping thousands of people from doing it.

  • To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.

    That will limit the damage to about 90% of Windows machines connected to the internet. And here I started thinking that MSFT security wouldn't be any better in Vista. Guess I was wrong.

  • by Sathias (884801) on Monday August 07, 2006 @10:26PM (#15863593)
    Oh man, a program that will let me run code in administrator mode... that would be sooooo sweet *cough*
  • by Myria (562655) on Tuesday August 08, 2006 @12:20AM (#15863999)
    This is about x64 driver signing. In Vista 64, drivers *cannot* run if they are not signed by a corporation who has paid the "VeriSign Tax" *. Even if the administrator requests it, they will not run. This is retarded "security", and it will keep being broken until Microsoft either gives up or forces everyone to have TPM bootup (more likely the latter).

    It infuriates developers, yet doesn't do anything for preventing rootkits, as Joanna has demonstrated. As long as user-mode programs have raw disk access, they will be able to attack whatever they want.

    I have a feeling that Microsoft's response to this will be to lock out raw disk access to user mode regardless of privilege. Keep in mind that even SELinux does not do this. All disk utilities would have to be written as signed drivers. The problem here is that developers won't stand for it, and will make signed drivers that grant access again. Then the rootkits can just copy these signed drivers then use them to do the same thing.

    Even if Microsoft encrypts the page file or removes the ability for the kernel to page itself out, raw disk access is still an issue. You can always open \Device\Harddisk0\Partition0 (NT's /dev/hda) and overwrite the MBR, then call NtShutdownSystem to reboot. If you take away raw disk access to user mode, then you get more esoteric. Detect when a blank CD or DVD has been inserted. When the user requests to burn it, intercept the write request and burn something else instead. Act like a system crash and reboot after it's done. Most computers are configured by default to boot from CD first.

    The real reason for driver signing appears to be DRM. The easiest way to "crack" song DRM is to install a fake audio driver that logs to disk. With the DMCA, it's illegal to make such a driver, and with driver signing, it's impossible to do it anonymously. If you temporarily disable driver signing - which is possible if you press F8 each boot - Vista's Windows Media Player refuses to play protected songs. Gee I wonder why.

    By the way, I thought of the same pagefile hack as Joanna on my own and posted it on my weblog in early June. I'm sure Joanna figured it out long before me though.

    * There are other root certificate companies that are countersigned, but this is a well-known phrase.

    Melissa

The clash of ideas is the sound of freedom.

Working...