Protect your PC running Windows OS...
May 2009
Bitlocker, TPM won’t defend all PCs against VBootkit 2.0. Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled recently but these technologies will not be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers of NVLabs, at the Hack In The Box (HITB) security conference held in Dubai recently. The code, which is just 3KB in size, allows an attacker to take control of a Windows 7 computer by patching files as they are loaded into the system’s main memory. Because no software is modified on the computer’s hard disk, the attack is nearly undetectable. VBootkit 2.0 is an updated version of an earlier tool, called VBootkit 1.0, that can take control of a Windows Vista computer by a similar method. With VBootkit 2.0, once an attacker has taken control of the Windows 7 computer during the boot process they are able to get system-level access to the computer, the highest level possible. They can also remove user passwords to gain access to protected files and strip DRM (digital rights management) protection from multimedia files. The passwords can then be restored, hiding any evidence that it was compromised. “There is no fix for this. It cannot be fixed. It is a design problem,” one of the program designers said during his presentation last week, referring to Windows 7’s assumption that the boot process is safe from attack. In response, a Microsoft representative said Windows 7’s support for Trusted Platform Module (TPM) and BitLocker Drive Encryption (BDE) means the attack is “void,” downplaying the threat to users.
Bitlocker, TPM won’t defend all PCs against VBootkit 2.0. Trusted Platform Modules and BitLocker Drive Encryption can protect Windows 7 computers against a bootkit attack unveiled recently but these technologies will not be available on a large portion of computers, leaving millions of users unprotected when Microsoft releases its next version of Windows. VBootkit 2.0 is proof-of-concept code that was unveiled by security researchers of NVLabs, at the Hack In The Box (HITB) security conference held in Dubai recently. The code, which is just 3KB in size, allows an attacker to take control of a Windows 7 computer by patching files as they are loaded into the system’s main memory. Because no software is modified on the computer’s hard disk, the attack is nearly undetectable. VBootkit 2.0 is an updated version of an earlier tool, called VBootkit 1.0, that can take control of a Windows Vista computer by a similar method. With VBootkit 2.0, once an attacker has taken control of the Windows 7 computer during the boot process they are able to get system-level access to the computer, the highest level possible. They can also remove user passwords to gain access to protected files and strip DRM (digital rights management) protection from multimedia files. The passwords can then be restored, hiding any evidence that it was compromised. “There is no fix for this. It cannot be fixed. It is a design problem,” one of the program designers said during his presentation last week, referring to Windows 7’s assumption that the boot process is safe from attack. In response, a Microsoft representative said Windows 7’s support for Trusted Platform Module (TPM) and BitLocker Drive Encryption (BDE) means the attack is “void,” downplaying the threat to users.
posted by arkietechs at 12:01 PM
0 Comments:
Post a Comment
<< Home