Vista hacked at Black Hat Convention

Microsoft recently invited hackers and "security professionals" at the Black Hat convention in Las Vegas to "test" Vistas security measures. Even giving out beta releases of Vista to attendees.

It didn't take long for one researcher to bypass Vistas security.

" Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.

And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill. "


Microsoft says they are working on a system to prevent these types of attacks in the final version of Vista. While Vista still is a way off, I really hope Microsoft will get it together.

Link
4,787 views 7 replies
Reply #1 Top
Interesting
Reply #2 Top
Reading sections of the article, it seems she simple agreed to let her code pass through with a click of a button ? Unless I am missing something here >_>. Not exactly hacking if you simply allow it via a button...

Cool none the less. A female 'hacker' is just plain cool . I hope Vista gets secure enough to not allow harmful code and scripts, but not to secure as to hinder the "experience" with Vista (damn you DRM...)
Reply #3 Top
Wow, A Female Hacker. Hope Vistas security will be alot better than these previous versions they've released. We'll have to see.
Reply #4 Top
I like the left out bit on how this only works in Admin accounts. Isn't Vista supposed to default to Standard user? (Making this a bit of a non issue)
Reply #6 Top
You would expect them to say their products are no longer necessary?
Reply #7 Top
Why is it that Microsoft leave everything to the last minute?! Com'on Microsoft!