Vista Hacking Challenge Answered
debiansid writes "Microsoft's most secure Operating System yet has been compromised at the Black Hat hacker conference. We all know that Andrew Cushman, Microsoft's director of security outreach, invited the Black Hats over to touch and feel Vista in order to showcase the superiority of this OS. Joanna Rutkowska, from Coseinc, a Singapore-based security firm, obliged and showed how it is possible to bypass security measures in Vista that prevent unsigned code from running with the help of a little software she calls the 'Blue Pill.'" To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.
Would they tell anyway? (Score:5, Interesting)
Or would you keep it to yourself in hopes that the final release will still contain the hole so you can pwn millions of new adopters?
Re:Would they tell anyway? (Score:5, Interesting)
question (Score:5, Interesting)
20 Year Mac User - Vista Is My Next OS (Score:1, Interesting)
I've been very impressed with the latest Vista beta. I can't say for certain that it is secure but the small amount of time I've run it, I've had absolutely no security/spyware virus problems in normal day to day use.
It doesn't quite have that elegance that Apple has with the shading/highlights etc for the UI elements, but so far Vista has been stable, secure, and fast.
And I've been a foaming at the mouth Microsoft hater for a long, long time. It looks to me like Microsoft has finally got their shit together with this OS. There was always a desire to get back to my Mac with previous Windows systems, not any more with Vista.
And Linux as root is any more secure? (Score:2, Interesting)
Comment removed (Score:5, Interesting)
freeware? (Score:3, Interesting)
Since just about everyone runs one or two pieces of free software (Windows isn't capable of very much out of the box) doesn't this mean that *everyone* will still be running in administrator mode?
What about Visual Studio users? (Score:2, Interesting)
Missing the point about "Blue Pill" (Score:5, Interesting)
Re:Only works as an administrator but... (Score:3, Interesting)
Re:Only works as an administrator but... (Score:3, Interesting)
If you wanted to take this approach, all you'd need to do is make it a bit scary. Hide the Admin account away, and maybe do something like Safe Mode, putting "Administrative Mode" in big ugly systemtype in the four corners of the screen. That, and make it so people rarely need to run in Admin mode.
Re:And Linux as root is any more secure? (Score:3, Interesting)
You know, 100 years ago the automobile had a lot of problems too. Let's call all modern cars crap because the transmission still goes bad despite the fact that it goes bad 100,000 miles later than it did initially.
Are you seriously reading what you're writing? Sorry, but 90% of corporate America does not, nor even needs to, run as admin. For those that do (think home PCs), they have the runas option, which is just like sudo, so what's the problem? Maybe because all those lazy developers made programs for Windows that require administrative access? Okay fine, let's give them a portion of the registry that users can read normally and move important system keys into a different location which can be secured. Problem solved.
It sounds to me like you don't know what you're talking about or at the very least you don't seem to understand Vista's new features or even features that have existed since NT4. That's fine, you're not required to but don't expect everyone to sit back and let you make false statements since that doesn't help anyone.
If you want to bash Vista, bash something relevant like the user pop-ups asking you to authorize actions or the wizard you have to run when you access system files which grants you access to said files. It's not a default behavior for even Administrator to have access to certain files. Of course nothing stops Administrator from granting access since they are indeed the Administrator.
That said, even if you do run as Admin on Vista things are a lot safer (read not safe, but safer), think OS X style prompts. There's another legitimate gripe with Vista. As I said, there are plenty of real reasons, there's no need to make one up.
I ran Vista for a month before wiping it and throwing Gentoo on it and I can honestly say I did not need to run as Administrator at all. Of course I know my way around a Windows system and I understand how to use Runas, of course I taught my computer illiterate parents how to use it too so I really don't think it's that complicated although its intuitiveness is up for debate.
Re:Would they tell anyway? (Score:4, Interesting)
The software doesn't rely on a vulnerability in the OS, but rather a feature of the hardware... it could be ported to Linux/BSD/whatever quite easily.
Re:Only works as an administrator but... (Score:3, Interesting)
That approach has been taken by some minor software projects - by preventing use of the root account. This takes the wrong approach to security - it encourages lax code under the false assumption that it couldn't possibly inflict system-wide damage. It is the computer equivalent of sweeping dirt under the rug to make things look clean.
Better systems do:
- Not permit reckless actions through interface flaws (e.g. not designing your system to do an easy "rm -rf
- Not permit applications to auto-execute (e.g. what Firefox does to embedded objects and Javascript by default)
- Not contain buffer overflow possibilities (e.g. use C-style strings carelessly.)
In that case I totally hacked ubuntu earlier (Score:2, Interesting)
Like the time I hacked Steam, I just entered in my name, email, and credit card info and BAM instant online games baby!
Ditto on the blackhats keeping the best ones under their black hats. This genius ran a known hardware issue on a new OS, *as root* and it worked. Get this girl a cookie.
Re:Blue Pill seems insincere (Score:3, Interesting)
Idiot.
If, however, the code has been signed, it can allow it to load and run in ring0 (or ring1 as some OS's load their drivers).
"Are you really so stupid you cannot see the difference between bypassing a security feature on a iPod versus a general purpose computer?"
Are you really so stupid that you can't see what they, in this case, have in common?
Unsigned driver hack already fixed (Score:4, Interesting)
http://news.yahoo.com/s/zd/185371 [yahoo.com]
Re:Would they tell anyway? (Score:5, Interesting)
One of the dangers in hiring or consulting Black Hats who are any good is that 99% of security is all about social engineering - both the defence and the offense. Because of this, it is utterly impossible to distinguish between someone actually securing your systems and merely persuading you they have done so. Grey Hats will have basically the same social engineering skills but are more likely to teach you what to avoid, than to use those skills against you. This is not to say that Black Hats will always work against you - that's bad for business. All you can say is that what makes someone a Black Hat as opposed to a Grey Hat is that they wouldn't be opposed to doing so, and you'll never know.
Oh yeah - I mentioned the use of social engineering in the protection of a system. The defences in any system will always be breakable with enough time and effort, so the only truly secure system is one that can socially engineer the attacker into believing that they have either already succeeded long before they really have or that there's nothing alive and listening for them to attack. Under no circumstances should obscurity be used as a substitute for social engineering. Obscurity hides what is important except to an attacker who has figured the obscurity out - which means that it can be used against the defender far more effectively than against the attacker. Social engineering hides nothing, it merely helps someone to see what they want to see. Because it hides nothing, it cannot be used against you, the worst possible case is that it'll cease to be as effective.