
Researchers Show How To Take Control of Windows 7

CmdrTaco posted about 5 years ago | from the hey-wait-a-minute dept.

Microsoft 325

alphadogg writes "Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday. Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. 'There's no fix for this. It cannot be fixed. It's a design problem,' Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack. While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely." Which makes me wonder why I'm posting this :)

325 comments

YOU weren't posting, ken dawson was (-1, Troll)

swschrad (312009) | about 5 years ago | (#27688985)

bwa-ha-haaa! the first hack documented

Re:YOU weren't posting, ken dawson was (1, Funny)

negRo_slim (636783) | about 5 years ago | (#27689089)

Having physical access to the box kind of takes away all the fun...

Re:YOU weren't posting, ken dawson was (3, Funny)

VisualD (1144679) | about 5 years ago | (#27689133)

Also restarts kill it. This is Windows we're talking about here...

Re:YOU weren't posting, ken dawson was (2, Insightful)

bennomatic (691188) | about 5 years ago | (#27689153)

I was going to say... if you have physical access, you can take out the hard drive, put it in another box, muck around with the data in any way you want and put it back. I'm an Apple fanboi at heart, but, geeze, this seems like a big, honkin' "What-ever!" to me.

Re:YOU weren't posting, ken dawson was (1)

quickOnTheUptake (1450889) | about 5 years ago | (#27689509)

even worse than those gaping security holes for linux that assume the attacker has root access.
"A cracker with physical access to a machine can take control of the computer during boot. News at 11."

fp (-1, Troll)

Anonymous Coward | about 5 years ago | (#27688991)

That's how I take over the story!
:O

I cannot believe it... (-1, Troll)

mraudigy (1193551) | about 5 years ago | (#27688999)

Do you mean to tell me that a Microsoft product has a security vulnerability? I simply just can't believe it...

Re:I cannot believe it... (5, Insightful)

gnick (1211984) | about 5 years ago | (#27689113)

OK, I'm not a Mac guy so I can say nothing about it. I've also not used Windows 7.

But, really. If you give me physical access to damned near any Windows or Linux machine, it's owned. And there are a lot of people out there a helluva lot better than me.

Sure, I won't be able to crack your encrypted archives. Nor your well-protected stored passwords. But hacking root/admin with physical access to the box isn't rocket science. Actually, it's much tougher with Vista than any Linux distro I've run into.

Re:I cannot believe it... (1)

gnick (1211984) | about 5 years ago | (#27689381)

"But, really. If you give me physical access to damned near any Windows or Linux machine, it's owned."

OK - Sorry in advance for the self-quote and self-reply, but I thought that I would correct myself before somebody else does. Total hard-drive encryption makes taking a box over significantly harder - Well beyond anything I've actually done. I've read about techniques more sophisticated than an in-line PS/2 or USB sniffer, but I'll leave it to the experts to freeze/remove/copy live RAM. I was talking about your standard office-building desktops.

Re:I cannot believe it... (5, Insightful)

DavidChristopher (633902) | about 5 years ago | (#27689711)

In the absence of physical security, taking over a vista, linux, mac os x or (insert vendor here) UNIX system is not difficult, providing you know the platform. No, the 'average gramma' can't do it, but most of us most likely can - with not much more than a google search and a quick download.

I'm not a microsoft (or apple, or linux) fanboi by any means, but a system is only as secure as you actually make it. Disk encryption helps - it's a great idea - so I've honestly never met anyone who's used it.

While this is certainly an interesting exploit, I doubt highly that many systems will be compromised in the wild with it.

Re:I cannot believe it... (2, Insightful)

Sir_Lewk (967686) | about 5 years ago | (#27689793)

"much tougher with Vista than any Linux distro I've run into."

And us linux users consider that a feature.

Re:I cannot believe it... (4, Funny)

MyLongNickName (822545) | about 5 years ago | (#27689597)

Hi. I see you are making fun of a "security vulnerability". This vulnerability involves being physically present at a PC and being able to boot it. This is a security vulnerability in the same way that my house is insecure to folks who I invite over for dinner.

You obviously have no clue, and I would recommend not posting in security vulnerabilities discussions any more.

kthxbai.

Physical Security is a big issue (3, Insightful)

mc1138 (718275) | about 5 years ago | (#27689025)

We hear about it all the time, laptops being stolen, left out, all with tons of sensitive data. Combine this with a lot of companies having very poor physical security this could be more than something to just write off.

Re:Physical Security is a big issue (2, Insightful)

xmarkd400x (1120317) | about 5 years ago | (#27689245)

Your "problem" has already been solved. Encrypt the hard drive. Companies don't care about losing sensitive data other than the monetary and reputation loss. If you lose a hard drive with private info on it, you only have to report a "breach" if it's encrypted.

Somebody with physical access can just use a boot CD and do what they want anyways.

Re:Physical Security is a big issue (2, Interesting)

Lovedumplingx (245300) | about 5 years ago | (#27689275)

I was thinking that same thing.

Sure it's not really much of a problem for the home user but for the businessman/government worker who travels and leaves his laptop or has it stolen this means that the data on that machine will be compromised.

Re:Physical Security is a big issue (1)

Rayeth (1335201) | about 5 years ago | (#27689611)

Also isn't it an axiom of computer security that if someone can get physical access to your machine there is pretty much no software in the world that can stop them? It's all well and good to encrypt, but that won't help you if they remove the drive and have their beowulf cluster break your RSA.

Re:Physical Security is a big issue (1)

MozeeToby (1163751) | about 5 years ago | (#27689825)

If someone has physical access to your computer, you've already lost. That's been the general rule for decades now. Even with a fully encrypted harddrive someone could install an inline usb key-logger and you would probably never notice it. Sensitive information should never go on a laptop and desktops should be physically secured. Anything else is 100% defeatable.

Physical access = root (2, Insightful)

Anonymous Coward | about 5 years ago | (#27689027)

If you got physical access already, it shouldn't be a surprise you can root the box.

Re:Physical access = root (1)

tepples (727027) | about 5 years ago | (#27689557)

"If you got physical access already, it shouldn't be a surprise you can root the box."

Then why haven't TiVo DVRs, Linux boxes to which the user has physical access, been rooted?

Re:Physical access = root (3, Insightful)

paroneayea (642895) | about 5 years ago | (#27689905)

Linux boxes are rootable. They *should* be rootable. The only time they aren't are when you don't have control any more (because of DRM & etc). But then they are only Linux in as much as the Kernel goes, not as much as the kind of Linux that Linux users advocate. I've recovered a broken plenty of times by popping in a boot cd and chrooting it.

The only time a system can be protected from this type of stuff is if it's encrypted. But then again, that's only protecting someone from accessing information you want to keep private, not protecting from reinstalling your operating system.

Yes, why post this? (4, Insightful)

Control-Z (321144) | about 5 years ago | (#27689037)

If someone has physical control of the machine, all bets are off.

Re:Yes, why post this? (1)

Icegryphon (715550) | about 5 years ago | (#27689135)

Agreed, hell you can reset admin passwords or root passwords if you have physical access to the machine.
Unless you are using encryption on the drives.

Re:Yes, why post this? (0)

Anonymous Coward | about 5 years ago | (#27689279)

That used to be true, it's less and less the case.

Re:Yes, why post this? (4, Interesting)

MyDixieWrecked (548719) | about 5 years ago | (#27689345)

In today's Virtual world, physical access to the machine doesn't mean meatspace access. My company and several of my friend's companies are looking into virtualized desktops by using small desktop boxes and low-end PCs to connect to PCs in the datacenter over either RDP or other proprietary protocols.

With the proliferation of cloud-based applications, it's only a matter of time before someone offers a browser-based virtual desktop in the cloud. Once someone hacks into some server up there, they have physical access to the machines for all intents and purposes.

This is a very interesting threat from a virtual infrastructure security standpoint.

Re:Yes, why post this? (1)

vux984 (928602) | about 5 years ago | (#27689677)

"This is a very interesting threat from a virtual infrastructure security standpoint."

Not really. *ANY* physical-attack type threat is altered in the same way by virtualization.

To obtain illicit 'physical' access to the virtual machine they have to compromise the host machine. If the host machine can't be hacked remotely, then the 'physical' virtual machine is essentially safe.

And if the host machine CAN be compromised remotely, then the guests are hosed no matter what.

Re:Yes, why post this? (1)

DaveV1.0 (203135) | about 5 years ago | (#27689861)

"My company and several of my friend's companies are looking into virtualized desktops by using small desktop boxes and low-end PCs to connect to PCs in the datacenter over either RDP or other proprietary protocols."

In other words, you are going back to the old terminal/server model of computing. Welcome back to the age of Jive.

Re:Yes, why post this? (5, Insightful)

Lord Ender (156273) | about 5 years ago | (#27689393)

Some disk encryption solutions, such as Checkpoint, rely on windows authentication to decrypt the disk. If this can be bypassed easily, it makes this disk encryption worthless.

It was obvious to crypto pros that it is theoretically worthless, but this is a practical attack against it.

Real disk encryption DOES protect the machine even with physical access. But "enterprise" software companies like Checkpoint sell snake-oil encryption quite well because engineers can "prove" it's flawed to management without a working exploit.

Re:Yes, why post this? (0)

Anonymous Coward | about 5 years ago | (#27689627)

Real disk encryption DOES protect the machine even with physical access. But "enterprise" software companies like Checkpoint sell snake-oil encryption quite well because engineers can't "prove" it's flawed to management without a working exploit.

A rather important 't.

Re:Yes, why post this? (4, Funny)

greenguy (162630) | about 5 years ago | (#27689517)

OK, they're claiming that if they have physical access, they can take control while it boots.

Sounds like they simply waited for it to finish booting. Ta-dah! They have control of it!

Not necessarily (4, Interesting)

SpooForBrains (771537) | about 5 years ago | (#27689737)

The standard method of securing the data on your machine, which is what's important, is to encrypt it. So even if someone rips open the box, takes out the disk and puts it in another machine, the data should be safe, assuming the encryption algorithm and the user authentication processes are secure.

However, if this exploit allows them access to the operating system on the disk, and allows them to subvert the user authentication process to grant themselves access to a user's account, then the data is compromised.

So this exploit may have an application, not as an attack vector for writing a propagating worm or virus, but as a means to gain access to otherwise secure data.

Who cares? (4, Insightful)

Sj0 (472011) | about 5 years ago | (#27689045)

Rule 1 of computers is, if someone has physical access to your machine, it has already been compromised. I always design my security around this fact, and if a machine needs to be secure against attack, it will be physically secure.

Re:Who cares? (1)

Andy Dodd (701) | about 5 years ago | (#27689199)

It is possible to design a machine that is secure even from someone who has physical access, but doing so is expensive and involves compromises in usability that normal users would never accept. (Of the "you no longer own your own machine" kind.)

Re:Who cares? (1)

Sj0 (472011) | about 5 years ago | (#27689263)

Please elaborate. I can't think of any way you could use current technology to make a device that no attacker could access, given a sufficient amount of time and resources.

Re:Who cares? (1)

tepples (727027) | about 5 years ago | (#27689693)

"I can't think of any way you could use current technology to make a device that no attacker could access"

The BIOS is encrypted with a key stored in a PROM on the CPU, and the BIOS checks the digital signature of each file that it loads. Any piece of code without a certificate chain leading up to the platform publisher doesn't get executed.

"given a sufficient amount of time and resources."

The expenditure of time and resources indicates 1. possession of cash and 2. intent to compromise a system, both of which make you more likely to extract a large award of damages from an attacker in a court of law.

Re:Who cares? (1)

SydShamino (547793) | about 5 years ago | (#27689845)

Machine has only an ethernet port and a power port, no other ports exposed. Internally, machine has been potted with a material that chemically bonds to both IC plastic and soldermask, so that removing the material would physically damage both the PCB and components.

Internal battery with >20 yr life monitors integrity of case panels in multiple redundant points, and arcs and melts flash if any disturbance is noted.

So yeah, you're right. Given sufficient time and resources such a machine would be broken in a way that preserved the internal data. But "sufficient time" could be a very, very long time. It would likely be more efficient to power it up and try to hack the software through the exposed ethernet port. And that's no different whether the attacker had physical access or not.

Re:Who cares? (1)

immakiku (777365) | about 5 years ago | (#27689373)

It's also a balancing act. I don't want everyone in my household to easily have access to my computer without knowing my password. Doesn't mean I expect my computer to be 100% screwdriver proof.

Re:Who cares? (1)

antifoidulus (807088) | about 5 years ago | (#27689791)

Not really, full disk encryption along with BIOS security does provide a pretty good defense against attackers with physical access. Now granted if they are standing in your office I guess they could just beat you over the head with your motherboard until you tell them the password but....

You mean like a bootable USB? (0)

Anonymous Coward | about 5 years ago | (#27689055)

Just have the initial virus/exploit write onto a bootable device, like a USB key - and then force a reboot. The user will just think "aww, crap, why'd it just reboot" - and you got em.

A hack! (5, Insightful)

Anonymous Coward | about 5 years ago | (#27689057)

This is barely a hack. I can steal any car in the world. Give me the keys, some gas, and park it in my drive way. Watch me steal it with ease! HA!

Re:A hack! (0)

Anonymous Coward | about 5 years ago | (#27689827)

You're forgetting if the wheel is locked or there is a steering wheel lock. But I'm paranoid so I always take the spark plugs with me too.

Boot from Live CD? (5, Insightful)

neilobremski (1344051) | about 5 years ago | (#27689071)

If you boot from a Live CD, since you have physical access to the machine, isn't it essentially the same thing? I'm confused about how this is a vulnerability.

Critical information missing (3, Insightful)

drsmithy (35869) | about 5 years ago | (#27689077)

There's a rather important aspect of this that's not discussed - how does this code get onto the computer in the first place to be executed during boot ?

Re:Critical information missing (2, Insightful)

Sockatume (732728) | about 5 years ago | (#27689249)

A bootable CD-ROM that then boots the OS while performing the in-memory patching required to make the machine vulnerable.

Re:Critical information missing (3, Interesting)

amliebsch (724858) | about 5 years ago | (#27689253)

Another important piece of missing information: was BitLocker turned on? Did this defeat the full-disk encryption? THAT would be a story. Otherwise, BFD.

No big news. (0)

Anonymous Coward | about 5 years ago | (#27689085)

If you give me physical access to a Linux machine, I can have it doing as I please faster than Vista.

sheeeet, negro. that's all you had to say! (5, Funny)

gandhi_2 (1108023) | about 5 years ago | (#27689097)

This is contrasted with Mac OSX which uses a combination of Gracie-style Brazilian Jiu Jitsu, Hapkido, and oratorical prowess to keep would-be haxors at bay while the police are enroute. Or the Linux lack of social skills which avoids "physical access" altogether.

Mindless bashing (2, Insightful)

Anonymous Coward | about 5 years ago | (#27689117)

I'm as anti-microsoft as the rest of you (at least the intelligent folk), but are you all seriously claiming that linux or unix distros are immune to tampering with the boot partition?

I would assume the only way to be immune against this type of attack would be encrypting the system partition, and a "bootkit" as they seem to be calling it that is aware of encryption may even be able to deal with that.

What's the story here again? That booting into a secondary OS gives you full control of data on an unencrypted hard drive?

Re:Mindless bashing (1)

Svartalf (2997) | about 5 years ago | (#27689351)

Well, this one wires itself into the OS (In order to be useful, it kind of has to...)- so it'd be difficult to get a wide-spanning variant of this going, but a targeted one could actually zap any device in existence. You'd just have to target specific OSes in the x86 space, you'd have to figure out how to zap uboot and redboot stuff by remote, etc.

While I'm not going to say that it'd be impossible (It's not and it IS serious...)- only X86 systems would be easily targetable but they'd have to have 3 or so custom versions of the thing to make any impact. And, it'd be one of the only instances of something that I'd be concerning myself with on Linux. Most of the other stuff can't get good traction.

I would not say "mindless bashing"- it's just that the researchers in question did it to Vista, which is supposed to be "more secure" than this... :-D

Re:Mindless bashing (1)

Murpster (1274988) | about 5 years ago | (#27689701)

"are you all seriously claiming that linux or unix distros are immune to tampering with the boot partition?"

Yes, of course! My Linux system achieved sentience a few kernel builds ago, and I've trained it to electrocute anybody but me who tries tampering with it.

pretty low on the spectrum (1, Insightful)

Anonymous Coward | about 5 years ago | (#27689147)

if it is a remote exploit that doesn't involve user interaction, I definitely want to hear about it (like homeland security's red=everybody panic)
If it is a remote exploit that requires user interaction, I still want to hear about it (condition=orange)
If it is a local exploit/privilege escalation that doesn't require root, it might be interesting (yellow)
If it is a local exploit that requires root privileges, leave it off the front page.

Re:pretty low on the spectrum (1)

Svartalf (2997) | about 5 years ago | (#27689247)

It's actually not as low as you'd think. They only need local access for the proof of concept.

Think old-school boot-sector virus and you'd be thinking right. It's more of a new twist on that concept.

Think "yellow" to "orange" in your analogy and you'd have it pretty close.

Re:pretty low on the spectrum (1)

Sockatume (732728) | about 5 years ago | (#27689319)

Actually, it needs local access by necessity, unless you can think of a way to boot by removable media on someone else's computer remotely. A device which can network boot might be vulnerable, if the required packets could reach it.

Re:pretty low on the spectrum (0)

Anonymous Coward | about 5 years ago | (#27689437)

"Actually, it needs local access by necessity, unless you can think of a way to boot by removable media on someone else's computer remotely. A device which can network boot might be vulnerable, if the required packets could reach it."

Actually, many managed servers from Dell, HP, IBM, etc can do that kind of thing (remote boot from remote floppy or CD).

It's very handy for firmware updates and the like.

nick picking (1)

phrostie (121428) | about 5 years ago | (#27689165)

I have no love of M$, but come on. If you have physical access to a computer and at boot time no less you can do whatever the #@!! you want.

if this is the biggest flaw redmond has in W7, that's not so bad.

was news (1)

ohmiez (1539439) | about 5 years ago | (#27689177)

Till I saw "physical access." If someone is _that_ determined to compromise a machine they will walk off with the HDD.

I am a world class car thief. Watch me steal. (0, Redundant)

Bill Zinclemyer III (1539631) | about 5 years ago | (#27689179)

I can steal any car in the world. Give me the keys, some gas, and park it in my drive way. Watch me steal it with ease! HA!

Heh... Nice idea, really (1)

Svartalf (2997) | about 5 years ago | (#27689183)

Interesting idea. While the current version requires physical access, it doesn't strike me that one would need all that much to make it work via remote with a trojan or similar.

Basically, it's a revisit of the boot-sector virus of old, which will prove to be an issue for just about any OS, most likely.

Re:Heh... Nice idea, really (1)

DaveV1.0 (203135) | about 5 years ago | (#27689657)

Please explain in detail how one would make this work without physical access to the box.

The Linux story the other day (1)

twidarkling (1537077) | about 5 years ago | (#27689191)

What I find interesting is the people who are trumpeting this as a horrible security vulnerability, despite needing physical access to the machine, are likely to be the same ones who discounted the Intel cache overflow exploit being easier to execute on Linux than other systems, but you need to run as root on Linux as "If someone has root, it's your fault anyways." So what makes this one more egregious in their eyes? You can run root over a network. That seems worse than needing physical access to the machine, imo. It just goes to show, no OS is completely safe, no matter what, and user education is the key. Not security through obscurity.

imaginary trumpeting straw man (1)

rs232 (849320) | about 5 years ago | (#27689349)

"What I find interesting is the people who are trumpeting this as a horrible security vulnerability"

Where did you read that, from a quick browse most/all of them mention physical access. Where are all these nay-sayer comments?

"are likely to be the same ones who discounted the Intel cache overflow exploit being easier to execute on Linux than other systems"

That's what's known as a straw man argument. As in making up imaginary quotes on another thread and addressing them instead of the current subject, which is researchers demo proof-of-concept code to take control of a Windows 7 virtual machine while it was booting up.

Re:imaginary trumpeting straw man (1)

twidarkling (1537077) | about 5 years ago | (#27689527)

http://it.slashdot.org/article.pl?sid=09/04/22/1815226 [slashdot.org] Take a look. There's a shit-ton of people going "Yeah, but you need root to do it." That exploit's in the wild, not just proof-of-concept. And people are still discounting it. That makes my argument just a bit beyond "straw man." I was pointing out that people will hold up any system as more or less secure than another, but it all comes down to the users, not the OS.
As for the nay-sayers? Look at the first comment on the article. Someone already saying "Look! A security vulnerability!"

Not broken, someone just wanted a story. (1)

NickW1234 (1313523) | about 5 years ago | (#27689215)

The problem goes even deeper. The bios is insecure. You can put bootable media in it and access your drives. They really should start epoxy potting the whole machine with a harddrive with windows preinstalled and no longer allowing any other bootable media.

Attack requires editing RAM contents during boot (5, Informative)

Sockatume (732728) | about 5 years ago | (#27689217)

The attack involves patching particular Windows system files in RAM during the boot process, which explains why physical access is required, and why it doesn't work after a reboot. The attacker loads an app from a CD-ROM which then itself executes the normal Windows boot process while aggressively patching software in memory. This also isn't a windows-specific vulnerability: any OS which does not checksum memory contents each time they're read is vulnerable.

Re:Attack requires editing RAM contents during boo (0)

Anonymous Coward | about 5 years ago | (#27689489)

Even if they do checksum/hash memory constantly, it doesn't make a damn bit of difference. If you can patch memory, you can patch the code to remove checks. In fact, the Vista/7 bootloader does not only checksums but signature checks.

Re:Attack requires editing RAM contents during boo (4, Interesting)

rs232 (849320) | about 5 years ago | (#27689543)

"The attack involves patching particular Windows system files in RAM during the boot process, which explains why physical access is required, and why it doesn't work after a reboot"

'The latest version of VBootkit includes the ability to remotely control [networkworld.com] the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected'

I thought BitLocker [wikipedia.org] was supposed to defend against such exploits if the boot sequence was altered?

Re:Attack requires editing RAM contents during boo (1)

Sockatume (732728) | about 5 years ago | (#27689713)

The remote access and privilege level exploits are only possible after VBootkit has been patched into memory. Bitlocker protects against patching the OS on the disk but I don't think it offers any protection against changing the OS contents, beyond the "user input" requirement for boot (either a PIN or a physical device, which this software may or may not be able to bypass).

Re:Attack requires editing RAM contents during boo (2, Insightful)

vux984 (928602) | about 5 years ago | (#27689567)

"This also isn't a windows-specific vulnerability: any OS which does not checksum memory contents each time they're read is vulnerable."

Even that wouldn't matter, because the first thing I'd in-memory patch is the checksum algorithm to always return 'ok'.

The only real way to resolve this would be a-la console style 'trusted computing, and digital signatures through the whole bios and bootstrap process'. Of course, even this could be 'hacked' or 'modchipped' but at least it wouldn't be as simple as just putting in a disk.

There is no security if they have enough physical access.

Re:Attack requires editing RAM contents during boo (1)

necrogram (675897) | about 5 years ago | (#27689587)

I thought that was part of the bitlocker boot process, that the unencrypted boot files have their checksums stored in the tpm

Re:Attack requires editing RAM contents during boo (1)

Sockatume (732728) | about 5 years ago | (#27689803)

If that's so then I imagine it would be a protection from this, assuming Windows is assiduous about checking those files' checksums. It's implied in the article that it is not, but I'm not sure if the exploit was tested against a system with a TPM.
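The TPM checksum idea raised in the comments above, and the objection that a patched checker can simply return 'ok', can be seen in a small model of measured boot. This is an added example, not code from the thread, from VBootkit or from BitLocker: `ToyTPM`, `boot` and `run_scenarios` are hypothetical names, the boot components are constructed byte strings, and it assumes every stage is measured before it is run.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 digest length

# Constructed sample boot chain (stand-ins for real boot files).
GOOD_CHAIN = [
    b"bootmgr: constructed sample",
    b"osloader: constructed sample",
    b"kernel: constructed sample",
]
SECRET = b"volume-key (constructed)"


class ToyTPM:
    """Minimal model of one PCR plus seal/unseal. Not a real TPM interface."""

    def __init__(self):
        self.pcr = bytes(PCR_SIZE)  # a PCR is all zeroes after reset
        self._sealed = None         # (PCR value required, secret)

    def reset(self):
        # A reboot clears the PCR but not the sealed blob.
        self.pcr = bytes(PCR_SIZE)

    def extend(self, component: bytes) -> bytes:
        # PCR_new = H(PCR_old || H(component)). The register can only be
        # extended, never written directly, so history cannot be undone.
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()
        return self.pcr

    def seal(self, secret: bytes) -> None:
        # Bind the secret to the PCR value of the current (trusted) boot.
        self._sealed = (self.pcr, secret)

    def unseal(self):
        # The comparison happens inside the TPM model, not in boot code,
        # so a patched loader has no "return ok" branch to flip.
        if self._sealed is None:
            return None
        required, secret = self._sealed
        return secret if hmac.compare_digest(required, self.pcr) else None


def boot(tpm: ToyTPM, chain) -> bytes:
    """Each stage measures the next one into the PCR before running it."""
    for component in chain:
        tpm.extend(component)
    return tpm.pcr


def run_scenarios() -> dict:
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)
    tpm.seal(SECRET)  # provisioning on a known-good boot

    results = {}

    # 1. Unmodified chain after a reboot: the key is released.
    tpm.reset()
    boot(tpm, GOOD_CHAIN)
    results["clean"] = tpm.unseal()

    # 2. One stage altered before it is measured: PCR differs, no key.
    patched = list(GOOD_CHAIN)
    patched[1] = patched[1] + b" + patch"
    tpm.reset()
    boot(tpm, patched)
    results["patched_loader"] = tpm.unseal()

    # 3. Extending the genuine stage afterwards does not repair the PCR.
    tpm.extend(GOOD_CHAIN[1])
    results["patched_then_genuine"] = tpm.unseal()

    # 4. An extra stage run first (other boot media chain-loading the
    #    normal boot) is also part of the measurement history.
    tpm.reset()
    boot(tpm, [b"other boot media (constructed)"] + GOOD_CHAIN)
    results["extra_first_stage"] = tpm.unseal()

    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name:22s} -> {'key released' if value else 'key withheld'}")
```

The model only covers what is measured at load time; it says nothing about code modified in RAM after its measurement was taken, which is the case the thread is arguing about.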

FCKGW (1)

RenHoek (101570) | about 5 years ago | (#27689243)

While uninteresting for worms, this is probably a nice way for pirates to hack Windows 7..

I'm not sure if they have cracked it already or not, since I'm still on XP.

For a smart guy, dumb statement (2, Insightful)

furby076 (1461805) | about 5 years ago | (#27689367)

'There's no fix for this. It cannot be fixed. It's a design problem,'

There is always a fix. Every vulnerability is a "design problem". Sometimes the code to fix it is a separate app (e.g. firewall, virus protection), and sometimes it requires modification to the code. There is always a fix in software - it's just a matter of making it.

This guy stating there is no fix, it can't be fixed is making statements about as dumb as those who say their favorite OS (e.g. OS X) is immune from any virus/worms/hacks.

Re:For a smart guy, dumb statement (0)

Anonymous Coward | about 5 years ago | (#27689501)

Usually, I'd say you're right. In this case, it's different.

He really does mean "There's no software fix for this." - physical access kind of does that.

Re:For a smart guy, dumb statement (1)

furby076 (1461805) | about 5 years ago | (#27689781)

Well there is a fix - but it will have some drawbacks - don't allow booting from CD, USB, Ethernet. Obviously if someone strips out the hard drive and connects it as a slave drive to the computer there is nothing that can be done, but in terms of booting. Though I am pretty sure the boot process has to be fixed by the hardware mobo makers. Put a password on your boot setup and set it so you can't boot from CD/USB/Ethernet.

Re:For a smart guy, dumb statement (2, Insightful)

JasterBobaMereel (1102861) | about 5 years ago | (#27689629)

He is right there is no fix .... however the workarounds are pretty good ...

If you are booting, then load the boot software at a random location, like they do with other programs once the system is running, and this hack will be *much* more difficult

It's just that, as he says, Windows 7 assumes that during the boot process no user program can change things and it has complete control....

If you are running in a virtual machine you *never* have complete control and so this will always work on any OS, but you can make it difficult ....

Your second option... (1)

its_schwim (1247278) | about 5 years ago | (#27689419)

If you have to be present to perform the hack, then you could always just hit the PC repeatedly with a hammer if for some reason it doesn't work.

Misleading title (2, Insightful)

tuxgeek (872962) | about 5 years ago | (#27689443)

At first glance at the thread title, my first thought was pop a Linux CD into the drive and reboot
Voila no more Win7

Prevention or problem. (0, Troll)

senorpoco (1396603) | about 5 years ago | (#27689485)

But who would want to take control of a computer with windows 7 on it? It is like hijacking a garbage scow.

Just because (0)

Anonymous Coward | about 5 years ago | (#27689571)

...someone has physical access to my computer shouldn't mean they have access to the data stored on that computer. This is NOT acceptable. Users need to adjust their expectations and DEMAND better security. Tired of this BS, "If someone has physical access..."

Computer thefts are not a rare occurrence to say it is acceptable if someone already has computer they might as well have the data!

Re:Just because (1)

realmolo (574068) | about 5 years ago | (#27689777)

The only answer is to encrypt the data. Nothing else could POSSIBLY keep someone from getting at your data if they have physical access to your hardware.

The reason (4, Insightful)

kenp2002 (545495) | about 5 years ago | (#27689615)

... the reason you are posting this article is to spread anti-microsoft hate and FUD for no reason.

Why not post:

With a gentoo install CD you can gain control of any linux system by overwriting key /etc/ files to give yourself root access unless you use encrypted drives...

More useless propaganda from an MS-hater. I mean seriously, this is news? Next thing you'll post is that Windows 7 has a horrible exploit that crashes it every time you shoot the PC with a shotgun.

Don't we have a NO FUD policy for articles?

"Everyone is entitled to be stupid, but some abuse the privilege", as a result of this abuse, your Stupid License has been suspended for 60 days.

Unfixable!!! (0)

Anonymous Coward | about 5 years ago | (#27689661)

Reminds me of the Shatter attack, which was also "unfixable" until Vista fixed it.

But unlike the Shatter attack, we don't even have to wait for a fix. Just turn on Bitlocker. There, fixed that unfixable problem for ya. With a security feature already present in the OS. Kinda makes you wonder what their definition of "unfixable" is...

Jeeze, hyperbole much?

Captain Obvious, AWAY! (1)

rezalas (1227518) | about 5 years ago | (#27689717)

Oh my god, windows can be hacked! With physical access! THIS IS HUGE! WINDOWS SUCKS MICROFOSFT IS TEH DEVAL OOH NOES!!1!one
Linux... Mac OS, Windows, ANYTHING... can be hacked with physical access. Period. If you have the time and the access there is no security beyond encryption and even that can eventually be defeated. This seems like just another lame "bash microsoft" post. Yeah you hate them, sure we know it. Get over it. They didn't become one of the largest software providers on earth by use of magic and lollipops (though it did take a few suckers here and there).

The worst part is that it's a bunch of security researchers that blew time on this bullshit and then in the end said "but don't worry it doesn't matter." Then why the fuck did you bother with it? Congratulations for proving what the whole fucking security industry already knew captain obvious! What's next, going to tell us that wireless routers have a physical switch vulnerability when the default password is used? Do us all a favor and fly out that window and save the world buddy.

Missing the point folks... (3, Interesting)

minsk (805035) | about 5 years ago | (#27689799)

Everyone talking about this being irrelevant is missing the point. This attack does not make users significantly more vulnerable. Instead, it makes Windows more vulnerable to users.

Hacking your own machine sounds laughable. But as long as vendors restrict usage, we need to keep reminding them that DRM is a fool's quest.

How about we stop lending fame to these clowns (1)

billcopc (196330) | about 5 years ago | (#27689809)

So these guys came up with a bootloader that screws with its child process (the OS), and they're calling that an exploit ? I guess "grub" would be considered an exploit too, by their chicken-little standards.

These two Kumar clowns are really just shills for Trusted Computing, fear-mongering in exchange for a little kickback from the related fascist orgs.

Nonsense (0)

Anonymous Coward | about 5 years ago | (#27689819)

This article is nonsense.

Which makes me wonder why I'm posting this? (0)

Anonymous Coward | about 5 years ago | (#27689923)

Yes, why? Makes me wonder why I'm reading this :(
