Nitin Kumar and Vipin Kumar are about to present the Vbootkit at the upcoming Blackhat and HITB cons :"We have been recently researching on Vista. Meanwhile, our research for fun lead us to some important findings. Vista is still vulnerable to unsigned code execution.vbootkit is the name we have chosen ( V stands for Vista and boot kit is just a termed coined which is a kit which lets you doctor boot process).vbootkit concept presents how to insert arbitrary code into RC1 and RC2, thus effectively bypassing the famous Vista policy for allowing only digitally signed code to be loaded into kernel. The presented attack works using the custom boot sectors.Custom boot sector are modified boot sectors which hook booting process of the system & thus, gains control of the system. Meanwhile, the OS continues to boot and goes on with normal execution."
Vulnerabilities are an inevitable commodity, they will always appear and instead of counting them on an OS or software basis, consider a vendor's response time while following the life of the security threat. I never actually liked the idea of an insecure OS, to me there're well configured and badly configured OSs in respect to security, but then again if you're a monocultural target the way Microsoft is, you'll always be in the zero day spotlight. A security breach will sooner or later hit your organization, don't talk, act and pretend you're 100% secure because you cannot be. Instead a little bit of proactive measures balanced with contingency planning to minimize the impact is what should get a high priority in your strategy. Here's a related post.
Cartoon courtesy of Userfriendly.org
No comments:
Post a Comment