Please Scroll Down to See Forums Below
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

napsgear
genezapharmateuticals
domestic-supply
puritysourcelabs
Research Chemical SciencesUGFREAKeudomestic
napsgeargenezapharmateuticals domestic-supplypuritysourcelabsResearch Chemical SciencesUGFREAKeudomestic

*FACE-PALM* Microsoft

hanselthecaretaker

High End Bro
Platinum
Windows 7 Can Be Hacked, No Fix
Next news
10:00 AM - April 24, 2009 by Kevin Parrish


Earlier today at the Hack In The box Security Conference, security researchers showed how easy it is to hack into Windows 7. Ouch.

ZoomThe question to ask first is this: can't every piece of software be hacked in some fashion? Quite frankly, yes. However, Microsoft (unfortunately) deals with hackers on a daily basis, patching security holes in the Windows operating system, Internet Explorer, and various programs in the Office suite. In some ways, hackers bring job stability to those who specialize in thwarting security intrusions, those who fill holes where perpetrators like to sneak in. But what if the problem can't be fixed? What if the window is wide open and there's not one thing Microsoft or any other company can do to shut it closed?

Earlier today, researchers Vipin Kumar and Nitin Kumar of NVlabs demonstrated how they could take control of a Windows 7 virtual machine using proof-of-concept code they developed called Vbootkit 2.0. The 3 KB program allows the "attacker" to take control of the computer by making changes to the operating system's files loading into the system memory during the boot process. According to Kumar and Kumar, Windows 7 cannot detect the malicious program because no files are changed on the hard disk.

"Basically, we follow a very simple algorithm for Vbootkit," the team explained during the demonstration, "Hook INT 13 for disk reads, keep patching files as they load, hook onto the next stage, and repeat the above process [until] we reach the kernel, then sit and watch the system carefully."

With that said, there's a positive and negative side to this kind of attack. The good news is that the hacker must by physically present to take control of the PC, making the threat somewhat minimal. Additionally, once the computer reboots, Vbootkit 2.0 will no longer have control since the data stored in memory is no longer available. The negative aspect is that, according to Vipin Kumar, the problem stems from Windows 7's assumption that the boot process is immune from attacks. He said that not only is there no current fix for the problem, but that it cannot ever be fixed.

The security researchers demonstrated the ability to take control of Windows 7 at the Hack in The Box Security Conference held in Dubai. The duo merely wanted to demonstrate how they could get Windows 7 (x64) running normally after implementing changes to the kernel. The demonstration was also meant to show how Vbootkit 2.0 could pass through all of the security features implemented in the kernel without being detected, and without leaving a footprint on the hard drive.

In addition to hacking into the kernel, Vbootkit 2.0 allows the attacker to control the victim's computer by remote after this initial physical invasion. The attacker can then increase the user privileges to the highest level, and remove the current user's password, allowing the attacker to gain access to all files stored on the PC. Once finished, the attacker can use Vbootkit 2.0 to restore the original password, and exit the system undetected.

So what does this mean for Windows 7? Can the problem be fixed? According to Kumar, no. However, perhaps Microsoft will take notice and figure out a workaround before the operating system eventually ships this year.

Windows 7 Can Be Hacked, No Fix - Tom's Hardware


That's what you get for setting record cold-boot times.
Fixing this should be Microsoft's first priority, regardless of how well Xbox is selling. You're a computer software company remember, Microsoft? Time to start proving yourselves as one.
 
Wow. No way in hell they can ship Windows 7 without figuring something out a solution to that. They're lucky to get a heads up for it.

How they couldn't figure out that hack w/ their thousands of employees is ridiculous....
 
it's because bill stepped down.. the company lost money and they are out of control..

physical control of a computer.. when it comes down to it.. if i can touch it.. i can get into it..

The regulators and all business class users already know this.. it's called Risk evaluation and acceptance
 
What a surprise, that unbelievable talent is found in foreigners! The global economic power changeover continues.

r
 
the fact that the hacker has to be physically present at the computer makes this a moot point. Are hackers willing to take that much of a risk, I highly doubt it?

Still, props to Harold and Kumar!
 
the fact that the hacker has to be physically present at the computer makes this a moot point. Are hackers willing to take that much of a risk, I highly doubt it?

Still, props to Harold and Kumar!
+1. Most any good hacker can 0wn a computer he's sitting in front of. I just upgraded to Ubuntu 9.04 today so it's all good.
 
the fact that the hacker has to be physically present at the computer makes this a moot point. Are hackers willing to take that much of a risk, I highly doubt it?

Still, props to Harold and Kumar!

95% of hackers out there, are folks who run dot-coms, and use their users names and passwords to login to their gmails, myspaces and read their emails. There's private forums where hackers post hillariuos emails they read from their victims.

The hacker you should worry about, are the ones you never hera about. That's cuz they're good.

r
 
Top Bottom