Vista Hacking Challenge Answered

Posted by ScuttleMonkey on Mon Aug 07, 2006 06:11 PM
from the still-some-work-to-be-done dept.
debiansid writes "Microsoft's most secure Operating System yet has been compromised at the Black Hat hacker conference. We all know that Andrew Cushman, Microsoft's director of security outreach, invited the Black Hats over to touch and feel Vista in order to showcase the superiority of this OS. Joanna Rutkowska, from Coseinc, a Singapore-based security firm, obliged and showed how it is possible to bypass security measures in Vista that prevent unsigned code from running, with the help of a little software she calls the 'Blue Pill.'" To be fair, the hack was possible only when the target was in administrator mode rather than a limited user account.

Related Stories

[+] Microsoft Invites Black Hats into Vista 189 comments
gtzpower writes "Microsoft is inviting hackers to 'Take Your Best Shot' at Vista. 'You need to touch it, feel it,' Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. 'We're here to show our work.'" From the article: "A security team with oversight of every Microsoft product — from its Xbox video game console to its Word program for creating documents — has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks." Essentially a tie-in with an article we discussed yesterday.
[+] Blue Pill Myth Debunked 128 comments
njyoder writes "As previously posted about, Joanna Rutkowska claimed to have discovered an allegedly undetectable vulnerability in Vista that takes advantage of AMD CPUs' virtualization capabilities. A virtualization professional (Anthony Liguori of the Xen project) has now voiced his opinion to state this is bunkum. There are two parts to this — the ability to take over the machine and seamlessly drop the OS into a VM (which is very difficult, but possible) and the ability to have Windows run in the VM undetectably (which is impossible). In fact, Rutkowska's prototype is VERY detectable. This is an unfortunate mistake that people make when they jump to conclusions based on what is unfounded speculation, and that includes the assumption that this would somehow be Vista specific, if it worked (noting that Vista doesn't run with administrator privileges by default)."
  • Would they tell anyway? (Score:5, Interesting)

    by Alcimedes (398213) on Monday August 07 2006, @06:14PM (#15862422)
    So if you're a black hat and you've found a new, as yet undiscovered hole in Vista, would you really go running to MS to tell them all about it so they can patch it?

    Or would you keep it to yourself in hopes that the final release will still contain the hole so you can pwn millions of new adopters?
    • Re:Would they tell anyway? (Score:5, Interesting)

      by twofidyKidd (615722) on Monday August 07 2006, @06:19PM (#15862449)
      More interestingly, will MS actually patch it, even with complete knowledge of the hole? If it further delays Vista's release (because of potentially complex code organization, or other roadblock), they might not even bother until later.
      • Re:Would they tell anyway? (Score:5, Insightful)

        by rifftide (679288) on Monday August 07 2006, @07:06PM (#15862761)
        Now this is really cynical - but they may have planned it this way. It looks like Vista may blow by even the latest (January 2007) deadline to resolve a raft of usability bugs, and this gives them the perfect cover to extend the ship date without looking totally inept. "We were ready to RTM at the end of 2006 but some late-breaking vulnerabilities were discovered, and we decided we couldn't take chances with the security of our customers' systems."

        This is not just a matter of losing face. If the Windows team blows the revised date by several months (say April or later) AND it ships what is considered to be a lackluster product, many people will start considering the Windows codebase as a sustaining mode project. They will assume that Microsoft is busy preparing a brand new code base (based on FreeBSD plus .NET and DirectX, let's say) to debut five years from now, and will work out a transition plan for Win32 apps. Windows will be a lame duck in the minds of both customers and MS engineers. Alternatives will be sought.

      • Re:Would they tell anyway? (Score:4, Interesting)

        by Anonymous Coward on Monday August 07 2006, @08:00PM (#15863002)
        They won't patch it because they can't. The software is really quite clever--it uses the hardware-based virtualization capabilities in newer AMD processors to move the currently running operating system into a VM (on the fly--no reboot!). Everything looks the same to the OS (no intermediary drivers like with VMWare, Virtual PC, et al.)

        The software doesn't rely on a vulnerability in the OS, but rather a feature of the hardware... it could be ported to Linux/BSD/whatever quite easily.
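The two claims in this thread, that Blue Pill needs no OS bug because it rides the CPU's virtualization extensions (the comment above) and that the prototype is nonetheless "VERY detectable" (the "Blue Pill Myth Debunked" summary), both turn on one question: can code running inside the guest tell that it has been dropped into a VM? The following is an added example written for this page, not Blue Pill code and not anything Rutkowska or Microsoft published. It runs the two classic userland probes in C: the CPUID "hypervisor present" bit and vendor leaf, which a hostile hypervisor simply declines to expose (so they only catch cooperative ones), and a CPUID timing check. Under Intel VT-x CPUID always exits to the hypervisor; under AMD SVM it exits only if the hypervisor intercepts it, so a minimal SVM rootkit that intercepts nothing passes the timing probe too, and detection then has to lean on other side effects. The signature table and the 1000-cycle / 10x thresholds are assumptions, not values from the page.

```c
/* Added example, not Blue Pill or Microsoft code: two hypervisor-presence
 * probes behind the "Blue Pill is detectable" argument. Real probes need
 * x86/x86-64; elsewhere stubs make them report -1/0. Build: cc -O2 hvcheck.c */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#define HAVE_X86 1
static void cpuid(uint32_t leaf, uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d) {
    __asm__ volatile("cpuid" : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d) : "a"(leaf), "c"(0));
}
static uint64_t rdtsc(void) {
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
#else
#define HAVE_X86 0
static void cpuid(uint32_t leaf, uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d) {
    (void)leaf; *a = *b = *c = *d = 0;   /* stub: no CPUID on this target */
}
static uint64_t rdtsc(void) { return 0; }
#endif

/* Probe 1: CPUID leaf 1, ECX bit 31 ("hypervisor present"). Only a hypervisor
 * that wants to be seen sets it; a hostile one leaves it clear. -1 off x86. */
static int hv_present(void) {
    uint32_t a, b, c, d;
    if (!HAVE_X86) return -1;
    cpuid(1, &a, &b, &c, &d);
    return (int)((c >> 31) & 1);
}

/* Leaf 0x40000000 returns a 12-byte vendor signature in EBX:ECX:EDX (the
 * little-endian register bytes are the text). Returns 1 and fills sig only if
 * a hypervisor advertised itself; otherwise 0 with sig empty. */
static int hv_vendor(char sig[13]) {
    uint32_t a, r[3];
    sig[0] = '\0';
    if (hv_present() != 1) return 0;
    cpuid(0x40000000, &a, &r[0], &r[1], &r[2]);
    memcpy(sig, r, 12);
    sig[12] = '\0';
    return 1;
}

/* Well-known signatures (table assumed from public vendor documentation). */
static const char *hv_name(const char sig[12]) {
    static const struct { const char *sig, *name; } known[] = {
        {"VMwareVMware", "VMware"}, {"Microsoft Hv", "Microsoft Hyper-V"},
        {"KVMKVMKVM\0\0\0", "KVM"}, {"XenVMMXenVMM", "Xen"},
        {"VBoxVBoxVBox", "VirtualBox"},
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (memcmp(sig, known[i].sig, 12) == 0) return known[i].name;
    return "unknown";
}

/* Probe 2: timing. On Intel VT-x CPUID always causes a VM exit, on AMD SVM
 * only when the hypervisor intercepts it; an exit costs thousands of cycles
 * instead of a few hundred. Returns the minimum over iters runs (interrupt
 * noise discarded) of CPUID, or of an empty RDTSC pair when with_cpuid is 0. */
static uint64_t min_cycles(int iters, int with_cpuid) {
    uint64_t best = UINT64_MAX;
    for (int i = 0; i < iters; i++) {
        uint32_t a, b, c, d;
        uint64_t t0 = rdtsc();
        if (with_cpuid) cpuid(0, &a, &b, &c, &d);
        uint64_t t1 = rdtsc();
        if (t1 - t0 < best) best = t1 - t0;
    }
    return best;
}

/* Assumed heuristic: flag when CPUID costs over 1000 cycles and over 10x the
 * baseline. A hypervisor can offset the TSC to hide this, at the price of
 * other observable side effects; that is where the cat-and-mouse starts. */
static int cpuid_timing_suspicious(uint64_t cpuid_cycles, uint64_t baseline_cycles) {
    if (baseline_cycles == 0) baseline_cycles = 1;
    return cpuid_cycles > 1000 && cpuid_cycles / baseline_cycles > 10;
}

int main(void) {
    char sig[13];
    printf("CPUID hypervisor bit: %d\n", hv_present());
    if (hv_vendor(sig)) printf("vendor signature: \"%s\" (%s)\n", sig, hv_name(sig));
    uint64_t c = min_cycles(2000, 1), r = min_cycles(2000, 0);
    printf("min CPUID: %llu cycles, min RDTSC pair: %llu -> %s\n",
           (unsigned long long)c, (unsigned long long)r,
           cpuid_timing_suspicious(c, r) ? "looks virtualized" : "looks native");
    return 0;
}
```

Run it natively and then inside any ordinary VM: the bit and vendor string appear only where the hypervisor cooperates, while the timing ratio is what reacts to one that hides the bit but still intercepts CPUID. A rootkit that wants to beat the timing probe has to lie about the TSC as well, and every such lie is another intercepted event with its own footprint, which is the substance of the "detectable" argument.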
      • Re:Would they tell anyway? by Midnight Thunder (Score:2) Tuesday August 08 2006, @09:37AM
    • Re:Would they tell anyway? (Score:5, Funny)

      by pedantic bore (740196) on Monday August 07 2006, @06:19PM (#15862450)
      I'd try to trick them into rewriting some crucial piece of the security infrastructure at the last possible minute. That way, I'd never run out of new holes to find.

      Perhaps I'd do this by smiling and saying that the OS was so secure that I couldn't find anything wrong with it and recommending, no, begging that they ship it in exactly its current form.

    • Re:Would they tell anyway? by xilmaril (Score:3) Monday August 07 2006, @06:19PM
    • Re:Would they tell anyway? by Marko DeBeeste (Score:1) Monday August 07 2006, @06:56PM
    • Re:Would they tell anyway? by bruno.fatia (Score:1) Monday August 07 2006, @08:37PM
    • Re:Would they tell anyway? (Score:5, Interesting)

      by jd (1658) <imipak AT yahoo DOT com> on Monday August 07 2006, @11:37PM (#15863865)
      No, the Black Hat wouldn't tell them about the hole. Well, not per-se. Not if there was some way of tricking Microsoft into thinking it was fixed, whilst leaving the Black Hat a back-door into everybody's systems. One way to do this would be to try and persuade Microsoft that only a subset of the values that would break security are a problem. Social engineer both the fix and the buglist. That way, if the Black Hat is ever detected, there's a good chance Microsoft will deem it a fixed bug and blame the victim, rather than investigating further.


      One of the dangers in hiring or consulting Black Hats who are any good is that 99% of security is all about social engineering - both the defence and the offense. Because of this, it is utterly impossible to distinguish between someone actually securing your systems and merely persuading you they have done so. Grey Hats will have basically the same social engineering skills but are more likely to teach you what to avoid, than to use those skills against you. This is not to say that Black Hats will always work against you - that's bad for business. All you can say is that what makes someone a Black Hat as opposed to a Grey Hat is that they wouldn't be opposed to doing so, and you'll never know.


      Oh yeah - I mentioned the use of social engineering in the protection of a system. The defences in any system will always be breakable with enough time and effort, so the only truly secure system is one that can socially engineer the attacker into believing that they have either already succeeded long before they really have or that there's nothing alive and listening for them to attack. Under no circumstances should obscurity be used as a substitute for social engineering. Obscurity hides what is important except to an attacker who has figured the obscurity out - which means that it can be used against the defender far more effectively than against the attacker. Social engineering hides nothing, it merely helps someone to see what they want to see. Because it hides nothing, it cannot be used against you, the worst possible case is that it'll cease to be as effective.

    • Re:Would they tell anyway? by Pollardito (Score:2) Tuesday August 08 2006, @11:38AM
  • by mcguiver (898268) on Monday August 07 2006, @06:14PM (#15862423)
    show me the average home user who doesn't run XP as administrator. Do they think that anything is going to change for Vista?
  • by twofidyKidd (615722) on Monday August 07 2006, @06:14PM (#15862427)
    Unfortunately, I think it's been established that many "average" users run in that mode, regardless of security concerns. I wonder if Vista will be an exception to this.
    • by TWX (665546) on Monday August 07 2006, @06:29PM (#15862524)
      That's because they have to run as a member of the Administrators group in order to do fairly mundane tasks like install software or make use of otherwise-mundane consumer hardware.

      I've had accounts on POSIX-compliant systems for years. I've found that with only user-level access I'm quite able to compile or install applications for my own user account in my own home directory without much difficulty, and still maintain the system integrity. As long as Microsoft holds on to the registry they'll never achieve such.
      • Re:Ok, so the machine was in Admin mode... by toadlife (Score:1) Monday August 07 2006, @07:21PM
      • That's because they have to run as a member of the Administrators group in order to do fairly mundane tasks like install software or make use of otherwise-mundane consumer hardware.

        Bingo.

        I've tried, I've tried so hard to get my family to run using user-level accounts. It doesn't work. I don't live with them, so at least one needs an account with Admin rights. The others get the password (usually by asking), and then re-elevate themselves. They aren't doing it to spite me. When some games won't run without admin, they can't burn CDs, so forth, they will find a way to make it work. Security? What's that? They don't care. If they can't play games, or burn CDs, they don't care about security.

        I know it is nice and easy to blame developers. True, they should do better. Heck, the first two release versions of my software didn't run properly as a user under Windows either (be gentle, I didn't have XP then). But if you want developers to behave, it has to cost them if they don't. The admin-by-default situation in Windows is ludicrous. They took a step in the right direction with user accounts in XP, but with the default installation forcing the first user account to be admin, and then not letting you de-admin the account, makes the step almost pointless.

        When default users run as an ordinary user with a pretty graphical sudo, and the OS blocks running apps as administrator without some sort of painful confirmation process (eg. whitelist), and developers have access to decent commandline or API sudo and security equivalents, then developers will behave and make damn sure their app runs as an ordinary user.

        Legacy apps will break unless some sort of layer is put in to make it look like the app does have arbitrary permissions to do fun stuff like write into its installation directory or the top level of a drive. I've heard Vista does some of this funky stuff (I'd check if the a__holes at Microsoft actually let me get their beta version of Vista- another story), which I hope is true.

        Microsoft got themselves into this mess and they have nobody to blame but themselves (despite the way they love to blame third parties for their sloppy OS). They can dig their way out if they choose. It won't be easy, but give them a decade and they'll be where Unix was a decade ago. ;) Perhaps Vista will be another step in the right direction. Or maybe it will be another case of dialog overkill that does nothing for true security. Who knows?

        Personally I'm not too stressed one way or the other. I don't use Windows unless I absolutely must, and whilst it is a worm-ridden crash-prone security nightmare it does mean there will be work available to clean up the mess. The target market of my software mostly runs on Windows though, so I do have to keep aware of what is going on. It would be nice if they cleaned up their act, as it makes my work easier.
    • Hmmm... by MsGeek (Score:2) Monday August 07 2006, @06:27PM
      • Re:Hmmm... by ChronoReverse (Score:1) Monday August 07 2006, @06:32PM
      • Re:Hmmm... by Anonymous Coward (Score:1) Monday August 07 2006, @06:44PM
      • Re:Hmmm... by generic-man (Score:1) Monday August 07 2006, @07:20PM
        • Re:Hmmm... by cortana (Score:2) Monday August 07 2006, @07:32PM
        • Re:Hmmm... by AJWM (Score:2) Monday August 07 2006, @07:37PM
          • Re:Hmmm... by generic-man (Score:1) Monday August 07 2006, @07:58PM
      • Re:Hmmm... by theLOUDroom (Score:2) Monday August 07 2006, @08:38PM
      • Re: Hmmm... by rkcallaghan (Score:2) Monday August 07 2006, @11:13PM
  • Wow (Score:1)

    by celardore (844933) <celardore@gmail.com> on Monday August 07 2006, @06:17PM (#15862443)
    (http://www.celardore.net/)
    So, someone admitted that there is a vulnerability in Vista. Among all the folk invited to 'test' Vista's security, someone had to come up with something. Even if they had to be administrator to do it.

    It's the ones the black hats are keeping under their caps, or hats, that are going to be the issue. But they can't all be trusted to tell. Not if they've found an especially 'useful' hole anyway.
  • Hypocrites (Score:3, Insightful)

    by Umbral Blot (737704) on Monday August 07 2006, @06:18PM (#15862447)
    (http://onphilosophy.wordpress.com/)
    Let's see how long it takes for slashdot readers to swing into full hypocrisy mode. Specifically mocking windows because it is vulnerable to users running insecure software in administrator mode when every other OS has the exact same vulnerability. Of course windows users do have the unfortunate tendency to run as administrators, but 1- that is blaming the software for the problems of the user, and 2- Vista might be running in user mode by default.

    And no, before you ask, I am not a windows user, I am on a Mac PowerBook G4. I prefer the mac because it is easier to use and I am not a gamer, not because of some imagined speed or innate security edge over every possible windows product.
  • by Anonymous Coward on Monday August 07 2006, @06:18PM (#15862448)
    ...but the user has to PERMIT the program to run.

    Yes, many users are just stupid and will automatically click "yes" on things, but at that point it's their own damn fault. The hack won't work without the user letting it work.
  • To be fair to MS (Score:5, Insightful)

    by walnutmon (988223) on Monday August 07 2006, @06:22PM (#15862474)
    This article is a little slanted towards, "MS said you can't get into their OS, and black hats said, 'bitch please!'". But really, MS probably expected this, and was hoping that they could learn something from watching a collection of hackers test their system. The more problems that are caught now, the less when it is released.

    Microsoft doesn't care about impressing Linux users, they care about releasing something that A LOT of normal users can install and forget about. Every iteration they get more stuff right, and their operating system becomes better (except ME, that sucked dick).
  • Blue Pill seems insincere (Score:4, Insightful)

    by rufusdufus (450462) on Monday August 07 2006, @06:23PM (#15862479)
    She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control.

    Seems to me this 'hack' gets the cart before the horse. If you are able to run malicious software in administrator mode, you can do anything at all, not just compromise signed code authorization. Heck you could replace the whole OS. The point of security is to prevent unknown persons from being able to run malicious software in the first place.

  • ... how well does this superior security hamper productivity?
    The most secure computer system is one that is not turned on.
  • question (Score:5, Interesting)

    by spykemail (983593) on Monday August 07 2006, @06:26PM (#15862503)
    (http://otlowski.com/)
    The real question is: will elevating oneself to administrator become common practice or not? If admin land stays reserved for the likes of Slashdot, then problems like this will probably be greatly reduced. But that assumes that the difficulty in setting up an admin account isn't worth it for most people.
  • by Anonymous Coward on Monday August 07 2006, @06:27PM (#15862507)
    Well, it is unless Ubuntu or one of the other Linux distros finally make that hurdle across the final 5% or 1% of making things 'just work' that seems to elude open source developers.

    I've been very impressed with the latest Vista beta. I can't say for certain that it is secure but the small amount of time I've run it, I've had absolutely no security/spyware virus problems in normal day to day use.

    It doesn't quite have that elegance that Apple has with the shading/highlights etc for the UI elements, but so far Vista has been stable, secure, and fast.

    And I've been a foaming at the mouth Microsoft hater for a long, long time. It looks to me like Microsoft has finally got their shit together with this OS. There was always a desire to get back to my Mac with previous Windows systems, not any more with Vista.

  • Gasp! (Score:1)

    by nascarguy27 (984493) on Monday August 07 2006, @06:27PM (#15862508)
    Everyone who thought Vista was not going to be hacked raise your hand. Yea, that's what I thought.
  • Blue Pill (Score:3, Funny)

    by frosty_tsm (933163) on Monday August 07 2006, @06:29PM (#15862523)
    Nooo, take the Red Pill!
    • Re:Blue Pill by Clived (Score:1) Monday August 07 2006, @08:35PM
    • The red pill by x2A (Score:2) Monday August 07 2006, @08:56PM
  • as I said (Score:1)

    by joshetc (955226) on Monday August 07 2006, @06:31PM (#15862530)
    As mentioned in my previous post [slashdot.org]. They have their excuse for even more Vista delays. If you didn't read the old article they gave these "black hats" the authority to halt shipments of Vista until all issues are resolved.
  • Hardware bug (Score:3, Informative)

    by diegocgteleline.es (653730) on Monday August 07 2006, @06:31PM (#15862531)
    This "trick" uses a hardware bug, not a software bug, to exploit Vista. It should affect other OSes like Linux, Solaris, BSDs, etc.

    I'm not surprised that they focused on being able to break Vista. A nice marketing move for the "researcher" (like there're not papers that explain how virtualizing environments aren't 100% safe in the x86 architecture)
  • re (Score:2)

    by brennz (715237) on Monday August 07 2006, @06:31PM (#15862536)
    When exploits require administrator/root access in the first place in order to function, interest level drops to 0.

    This exploit-requiring-admin reminds me of another recent speech, namely http://www.defcon.org/html/defcon-14/dc-14-speakers.html#Lin0xx [defcon.org] which was quite boring.

    *yawn*

    • Re:re by Slashcrap (Score:1) Tuesday August 08 2006, @08:20AM
  • And Linux as root is any more secure? (Score:2, Interesting)

    by CorporalKlinger (871715) on Monday August 07 2006, @06:34PM (#15862559)
    So let's see, if you run an application as "Administrator" on a new Windows Vista machine (where users are not, by default, created as administrator accounts), that application could cause problems with the system or, if you will, "hack" the system (such an unclean word). How is this any different from sitting down at a Linux system with root access and running amok? Are root accounts inherently more secure than administrator accounts, or am I missing something here? At least on the Vista machine, a notification box may appear letting you know something is going on. See if "rm -rf /" on a Linux machine even asks you to verify your entry before it executes. Microsoft has made it clear that Vista users won't run as admins by default, so I see this as a non-issue. Why does it even qualify as "news?"
  • by kennedy (18142) on Monday August 07 2006, @06:37PM (#15862576)
    (http://accessdenied.org/)
    Look, you have to hand it to microsoft here - they are at least TRYING. I really get the feeling that someone, somewhere inside Redmond finally got a clue and got them fired up about really cracking down in terms of security. Look at the 360 (yes, there is a firmware hack for the dvdrom drives, but that is not mucking with the internal security), and how long Vista has been delayed and re-written.

    I know this sounds a little crazy (trust me, i hate that I'm having to even write this post), but i really think MS is giving it the ol' college try from here on out...
  • Security Development Lifecycle (Score:5, Interesting)

    by SafariShane (560870) on Monday August 07 2006, @06:38PM (#15862587)
    From the article...

    Reportedly, Vista is the first Microsoft products [sic] that the company is sending through its "Security Development Lifecycle", which aims at getting rid of all security vulnerabilities before shipping.

    Begs the question(s)...

    1. Why didn't microsoft try to get rid of all security vulnerabilities in other releases prior to shipping?

    2. Who at microsoft would even claim such a thing?

    Most security experts understand that 'security' is an arms race. I for one would rather measure the security of an os by the mean time between discovery and patch implementation. Microsoft is half right, they have the most vulnerabilities because they are the dominant os, thus the biggest target. (yes, I know it's easier to hack ms, but that's not my point here) Even if Vista is far more secure and much harder to hack, if it has the largest install base it will have the most vulnerabilities.

    I take issue with this part of the article...

    She also admitted that she had to perform the hack in higher privileged administrator mode rather than the lower privileged user account control.

    Since when did that make any bit of difference? Hackers have been using social engineering tricks since they were called phreakers. And most people forget that it's purely a numbers game. They don't expect every end user to fall for an email titled "i love you" or "free pron". But, a small percentage will take the blue pill, and some of them will even switch to admin mode when the cute little screen saver they won for being the 500,000th visitor to some domain misspelling.

    Getting rid of ALL vulnerabilities? Ha, not even cutting the network cable could do that. There is always sneakernet. I for one want to run a system where zero day vulnerabilities are just that, around for zero days.
  • These kinds of contests don't work. (Score:3, Insightful)

    by Poromenos1 (830658) on Monday August 07 2006, @06:39PM (#15862591)
    (http://www.poromenos.org/)
    This contest doesn't make sense, if they find a vulnerability, it's some bad PR, but, well, how many vulnerabilities have been found and patched for XP? If they don't, it still doesn't mean it's unhackable, it just means they need more time.

    The only case where they DO work is when you're asking people to crack encryption, and then it's only CRACKING it that proves something, saying that no one could crack it doesn't mean it's uncrackable.
  • by overshoot (39700) on Monday August 07 2006, @06:50PM (#15862658)
    Hmmm.

    As I read it, Microsoft has declared that as of their next release, they simply won't allow unsigned drivers and other kernel-level code to run. Which, according to quite a few hardware vendors, means enough expense to be prohibitive; those same vendors today simply provide instructions to ignore "this code isn't signed" warnings.

    Well, this hack lets those vendors continue as they bear.

    The posts about "well, DUH! you need admin privs" are beside the point because driver (etc) installations always have. The news is that Microsoft has been trying to change that, and (at least for now) failed.

  • freeware? (Score:3, Interesting)

    by colmore (56499) on Monday August 07 2006, @06:52PM (#15862667)
    So does this mean I'm going to need to be in administrator mode to run free software?

    Since just about everyone runs one or two pieces of free software (Windows isn't capable of very much out of the box) doesn't this mean that *everyone* will still be running in administrator mode?
    • Re:freeware? by dioscaido (Score:3) Monday August 07 2006, @08:21PM
    • Re:freeware? by x2A (Score:2) Monday August 07 2006, @09:16PM
    • Re:freeware? by oneandoneis2 (Score:2) Tuesday August 08 2006, @03:06AM
  • by Bendejo (894944) on Monday August 07 2006, @06:58PM (#15862702)
    Did it ever occur to anyone that the majority of executables and drivers, even legitimate ones, are not signed? So what this article doesn't say, but suggests is that MS's solution to the whole security thing is to block out all unsigned exe's. Am I wrong?
  • What about Visual Studio users? (Score:2, Interesting)

    by splorq (839609) on Monday August 07 2006, @07:16PM (#15862804)
    Visual Studio has to run in admin mode. Okay, IFF you want to use the debugging facilities you need to be an admin. But how often would you not want to use the debugging facilities when you're developing code? And how many developers are only going to use admin mode when they need to do some debugging? Perhaps this will be fixed in the first version of VS for Vista. I wouldn't risk much of my annual income on it.
  • Microsoft's most secure Operating System yet

    Since this is clearly unproven, we must consider it a marketing claim. Since it's a marketing claim, we must consider it as untrustworthy as their least-trustworthy operating system. Which, possibly (it's unproven), could be Vista.
  • Missing the point about "Blue Pill" (Score:5, Interesting)

    by etresoft (698962) on Monday August 07 2006, @07:18PM (#15862825)
    People hack a MacBook using 3rd party hardware and software that they won't reveal, then claim the hack would also work on hardware they didn't demonstrate, then claim Apple "leaned on them" to keep the details secret. Suddenly, Macs have no more security. TFA didn't go into enough detail about the "Blue Pill". It wasn't really a hack in the same sense. It was a proof-of-concept to insert a rootkit into an x64-based OS without hacking. To quote the original author [blogspot.com],
    I would like to make it clear, that the Blue Pill technology does not rely on any bug of the underlying operating system. I have implemented a working prototype for Vista x64, but I see no reasons why it should not be possible to port it to other operating systems, like Linux or BSD which can be run on x64 platform.
    People aren't worried about how to hack into Vista, they are working on brand new exploitation architectures using Vista. I have read elsewhere where Vista appears to have a TCP/IP stack designed from scratch. It includes all new implementations of the bugs that have been fixed over the past 15 years in all the other OSes.
  • by aeon00100 (955675) on Monday August 07 2006, @07:49PM (#15862964)
    The article makes it sound like Microsoft handed out the DVDs and then this security researcher came back and presented a flaw. While that makes for some sensationalistic press, it isn't correct. This same presentation on bypassing Vista driver signing was given more than a week before at another security conference, SyScan

    http://www.syscan.org/program.html [syscan.org]

  • To be fair... (Score:2)

    by TBone (5692) on Monday August 07 2006, @07:58PM (#15862994)
    (http://www.thisismyown.com/)

    ...I'd be willing to bet that most people run their computers with Admin accounts.

    It's too much of a hassle to deal with the "You can't do that, log out, log in as admin, do that, log out, log back in as yourself" for most people. Hell, I KNOW what the hazards are, but I still do it.

    Saying "It's only insecure when you run as administrator" is like saying "It's only dangerous when you smoke the cigarettes". Of course it's only dangerous that way, but that's not stopping thousands of people from doing it.

  • by tengu1sd (797240) on Monday August 07 2006, @08:00PM (#15863009)
    Banned from DefCon every one,
    Banned from DefCon just for having a little fun,
    We brought a little Alpha there [defcon.org]
    Just a crew of four
    But DefCon doesn't want us any more
    I wonder why. . .?


    OpenVMS was banned uninvited with quick rules change. Only those less secure operating systems need show up. Microsoft will always be welcome.

  • Whew (Score:2)

    by HangingChad (677530) on Monday August 07 2006, @08:03PM (#15863019)
    (http://www.dangercollie.com/music/)

    To be fair, the hack was possible only when the target is in administrator mode rather than a limited user account.

    That will limit the damage to about 90% of Windows machines connected to the internet. And here I started thinking that MSFT security wouldn't be any better in Vista. Guess I was wrong.

    • Re:Whew by dioscaido (Score:2) Monday August 07 2006, @08:26PM
      • Re:Whew by praksys (Score:2) Monday August 07 2006, @09:15PM
  • that's fair (Score:1)

    Every user I've met that knows about administrator mode on Windows operates in it when they can. They shouldn't but they do. I do. Who then are you being fair to - Microsoft, or the hackers?
  • by caller9 (764851) on Monday August 07 2006, @09:29PM (#15863390)
    I was able to run an application with full control over the system! I just had to put sudo in front of it and provide the right password.

    Like the time I hacked Steam, I just entered in my name, email, and credit card info and BAM instant online games baby!

    Ditto on the blackhats keeping the best ones under their black hats. This genius ran a known hardware issue on a new OS, *as root* and it worked. Get this girl a cookie.
  • by Sathias (884801) on Monday August 07 2006, @10:26PM (#15863593)
    Oh man, a program that will let me run code in administrator mode... that would be sooooo sweet *cough*
  • Finally?? (Score:1)

    by treak007 (985345) on Monday August 07 2006, @11:35PM (#15863858)
    After all these years, I really hope that Microsoft finally releases an OS that is comparable in security to its competition. Hopefully however, these securities won't come at too much of a price as to what the user can do.
    • Re:Finally?? by freedom_india (Score:2) Tuesday August 08 2006, @07:41AM
  • As if... (Score:1)

    by brendan115 (944302) on Monday August 07 2006, @11:38PM (#15863876)
    a 'security hole' in XP (2k3/2k/nt/98/95/3.1/ms-dos) has ever kept an MS product from FLYING off the shelf...
    give the 'average user' all 5 (or six) of the latest, _easy to use_ *nux and happily he'll waddle his fat ass right up to bestbuy and have a copy of vista... llooongg before he ever figures out how to use crontab, configure the network or learn what a man page is; gladly paying the $300? $400? for an MS os/office bundle. the 'average user' is a dumbass and no amount of security will fix that. remember, these are the people in the video professor commercials
    "oh, my three year old knows more about computers than i do..." and no one who knows her is the least surprised.
    when the release date draws near, I am buying MS stock...
  • by Dark Coder (66759) on Tuesday August 08 2006, @12:14AM (#15863980)
    The BIGGEST system engineering flaw (present and future) to Windows Vista is MSFT zeal to maintain backward compatibility as well as TOO SLOWLY roll out the needed security features (Blue Pill or not).

    Some of the problems immediately identified are:

    1. Legacy applications' poor handling on privileges still poses a foot in the door to the Lord of the "Ring 0" land.
    2. Lack of secured code training will continue to be plagued by newest Win-V applications
    3. Temporary admin priv is a crock. No different than Unix's sudo or GUI admin popup dialog box.

    The best course of action for our future well-being is to revert back to the antiquated but still effective DoD Orange Book Trusted Level B1 for trusted but verified deliverable operating system (commercial or open-source).

    This means, signing drivers, ActiveX, COM, DLL and ALL system tasks (even the ones in system tray). The mere logistical and financial nightmare of managing the signing events will all but daunt the savviest sysadmin. For Open Source SW, a mechanism for self-signing open-source drivers (which would then only be tied to a specific machine) as well.

    So, this isn't about Open Source vs. Commercial software anymore.

    The future computing battleground will be largely centered NOT between the FOSS and MSFT/OS-X BUT between the trusted-but-verified software and not.
  • You are all missing the point (Score:5, Informative)

    by Myria (562655) on Tuesday August 08 2006, @12:20AM (#15863999)
    This is about x64 driver signing. In Vista 64, drivers *cannot* run if they are not signed by a corporation who has paid the "VeriSign Tax" *. Even if the administrator requests it, they will not run. This is retarded "security", and it will keep being broken until Microsoft either gives up or forces everyone to have TPM bootup (more likely the latter).

    It infuriates developers, yet doesn't do anything for preventing rootkits, as Joanna has demonstrated. As long as user-mode programs have raw disk access, they will be able to attack whatever they want.

    I have a feeling that Microsoft's response to this will be to lock out raw disk access to user mode regardless of privilege. Keep in mind that even SELinux does not do this. All disk utilities would have to be written as signed drivers. The problem here is that developers won't stand for it, and will make signed drivers that grant access again. Then the rootkits can just copy these signed drivers then use them to do the same thing.

    Even if Microsoft encrypts the page file or removes the ability for the kernel to page itself out, raw disk access is still an issue. You can always open \Device\Harddisk0\Partition0 (NT's /dev/hda) and overwrite the MBR, then call NtShutdownSystem to reboot. If you take away raw disk access to user mode, then you get more esoteric. Detect when a blank CD or DVD has been inserted. When the user requests to burn it, intercept the write request and burn something else instead. Act like a system crash and reboot after it's done. Most computers are configured by default to boot from CD first.

    The real reason for driver signing appears to be DRM. The easiest way to "crack" song DRM is to install a fake audio driver that logs to disk. With the DMCA, it's illegal to make such a driver, and with driver signing, it's impossible to do it anonymously. If you temporarily disable driver signing - which is possible if you press F8 each boot - Vista's Windows Media Player refuses to play protected songs. Gee I wonder why.

    By the way, I thought of the same pagefile hack as Joanna on my own and posted it on my weblog in early June. I'm sure Joanna figured it out long before me though.

    * There are other root certificate companies that are countersigned, but this is a well-known phrase.

    Melissa
  • by sdnoob (917382) on Tuesday August 08 2006, @02:09AM (#15864292)
    handing out 3000 copies of a beta version is nothing. wait until millions of morons are running vista to see how mukked up it can get. as soon as there's a "market" for the crooks, they'll start pumping out the nasties.
  • The exploit has nothing to do with Vista in particular. It seems to exploit the Pacifica virtualization extensions in the newer models of AMD to create an on-the-fly VM. Here is the original author's blog:
    http://theinvisiblethings.blogspot.com/ [blogspot.com]
  • by Sleeper Service (39044) on Tuesday August 08 2006, @03:21AM (#15864467)
    The point of the Blue Pill demonstration appears not to be that there's some security flaw in Vista, but that, if you can somehow get Administrator access to any x64-based system (i.e. not just Vista...) then you can switch that system from running directly on the host hardware to effectively running within a virtual-machine that looks identical to that hardware, but over which you have complete control. Nothing on the host OS has any way to detect that this has happened (except, I suspect, through performance monitoring, etc), so no virus checker can protect systems from it.
  • Black Hats? (Score:1)

    by Mishotaki (957104) on Tuesday August 08 2006, @03:33AM (#15864486)
    Since when do black hats report their work to their victims?
    I mean... white hats do... grey hats might... but what kind of black hats would?
    • Re:Black Hats? by pclminion (Score:2) Tuesday August 08 2006, @11:57AM
  • by Silverstrike (170889) on Tuesday August 08 2006, @06:31AM (#15864807)
    Well, this is wrong, but seriously, now. Didn't anyone do a GIS for her?

    http://www.spiz.ae.krakow.pl/uploaded_images/11231 65482_64981000.jpg [krakow.pl]

    I think we need a new security officer here....

    I'm sorry for that. I know I'm part of the problem.
  • by Mykid8yours (988498) on Tuesday August 08 2006, @08:20AM (#15865317)
    Yep. Let the patching begin.....now.
  • by noblepaladin (992533) on Tuesday August 08 2006, @08:38AM (#15865434)
    I think it is a good thing that Microsoft invited hackers to try to attack the system before it is released. A lot of people are saying how the black-hats will get a head start and not tell anybody the bugs they find. However, these guys would have found the bugs in the future anyways, and would exploit them. If one hole is found and patched, the system is safer already. These types of exercises are conducted in cryptography too. Ex: RSA offered a reward for anybody who can decrypt some of their keys, their 200 decimal digit key was factored using parallel computers, but it was found that it would take 55 years on a normal computer to crack the key. It gave them a good idea about what size keys they need to protect information for long enough (i.e. long enough so your credit card expires before someone can decrypt your transaction and buy stuff with your card, etc). Here is an interesting article I read in a class about other systems failing: http://web.mit.edu/6.033/www/papers/wcf.pdf [mit.edu]. Banks and ATM machine makers just tested their machines internally before putting the ATMs to use. What happened? People found ways to withdraw money from ATM machines from other accounts, people figured out how to crack pins, how to clone other ATM cards and accounts,... tons of hacks. And this was fairly recent, in the 1990s. Having one internal group to test the security is not enough. Inviting the whole world to test the security before release is much better. What would be best is if Microsoft offered some source code too (much like Linux), so the hackers can have complete information. That way most of the problems can be found and fixed beforehand. But that would never happen since they are a corporation and their primary goal is to make money. But inviting attackers is a step in the right direction. What is unfortunate is the deadlines. The shareholders want it released so they can make some more money.

    The media is trying to make it sound like Microsoft programmers are incompetent. Security is a "negative" goal. It is easy to prove that a system can be broken, you just come up with one hack, one example. However, how do you prove that a system cannot be broken? You have to try every single possible attack. Problem is you don't know what the attacks are. It takes time to make sure security is at an acceptable level before it is released.
  • by Quantam (870027) on Tuesday August 08 2006, @09:26AM (#15865812)
    (http://qstuff.blogspot.com/)
    So the black hats manage to penetrate Vista... from admin mode. You run any OS as root and the box is already owned. Actually, this might be a good sign for Vista. If this is all the black hats could come up with, wouldn't that put Vista among the most secure OS ever made? Of course, there's always the plausible deniability that the black hats just haven't published any of the REAL Vista exploits yet.
  • by Clever7Devil (985356) on Tuesday August 08 2006, @10:56AM (#15866767)

    Trying so hard to not be like the other guy.

    Instead of instituting a simple concept like Super-Users, we'll just train everyone to think that if you click "ok" enough times your computer will work. Excellent . . .

  • by Senzei (791599) on Tuesday August 08 2006, @11:39AM (#15867262)
    "Doomsday device? Ah, now the ball's in Farnsworth's court! [Presses a button, revealing a vast and fearsome arsenal of doomsday weapons] I suppose I could part with one and still be feared..."
  • Re:since when? (Score:1)

    by WinBreak (982501) on Monday August 07 2006, @06:47PM (#15862638)
    (http://www.winbreak.com/)
    That's MICROSOFT'S MOST SECURE OS YET - not THE WORLD'S MOST SECURE - Microsoft's "best yet." Learn the language before bitching about it, please.
  • Re:The blue pill? (Score:2, Funny)

    by Vacuous (652107) on Monday August 07 2006, @07:48PM (#15862961)
    Woah.
  • Re:since when? (Score:2)

    by mrscorpio (265337) <twoheadedboy@Nospam.stonepool.com> on Monday August 07 2006, @08:03PM (#15863018)
    Because Stone Cold....err, Microsoft, says so!!!
  • by Ungrounded Lightning (62228) on Monday August 07 2006, @08:15PM (#15863065)
    (Last Journal: Friday November 02, @02:49PM)
    The Matrix reference was by the author of the malware.

    Since the malware works by creating a virtual machine environment and effectively running the OS and its entire herd of applications within it, the Matrix reference seems entirely apropos. The Matrix is the closest match in popular fiction to the situation.

    ("True Names" and the Cyberspace/Cyberpunk stories are earlier. But the core premise of "The Matrix" is that the entities within it are normally unaware of this fact and don't normally have any way to determine that they ARE within a simulation.)
  • Re:FIST SPORT! (Score:2)

    by jZnat (793348) * on Monday August 07 2006, @10:20PM (#15863578)
    (http://del.icio.us/jvz | Last Journal: Sunday December 03 2006, @12:45PM)
    It's obviously C++ at fault, eh? ;p