• Steam recently changed the default privacy settings for all users. This may impact tracking. Ensure your profile has the correct settings by following the guide on our forums.

Wow! Windows 7 Fails! - Hack thats unfixable...

S

Sullivan

New Member
2zple92.jpg
A hack that's "unfixable" is a pretty bold claim, but that's just what researchers Vipin Kumar and Nitin Kumar have announced at the now-happening Hack in the Box security conference, and they seem ready to back it up. Apparently, they've devised a means to gain control of a Windows 7 computer during the boot up process though the use of a tiny 3KB program dubbed VBootkit 2.0 (a follow-up to a similar Vista hack), which loads itself into the system memory and bypasses the hard drive altogether, making it extremely difficult to detect. Once loaded, an ill-intentioned individual could potentially change passwords, access protected files, or do just about anything else and then leave without a trace. The one fairly big drawback to the hack, however, and upside for most users, is that it can't be performed remotely, so it'll likely only be a significant concern for businesses or other folks using computers in public places -- unless, of course, Microsoft finds a way to fix the "unfixable."
Click to expand...

Source: Engadget

I laughed so hard when it begins saying this:

gain control of a Windows 7 computer during the boot up process though the use of a tiny 3KB program dubbed VBootkit 2.0 (a follow-up to a similar Vista hack), which loads itself into the system memory and bypasses the hard drive altogether, making it extremely difficult to detect.
Click to expand...

It may not be able to be remote, but it sure as hell is a major bug. :scared: Image this at future schools and universities.
 
FrozenIpaq

FrozenIpaq

Justin B / Supp. Editor
Enforcer Team
I wouldn't call that much of a bug and businesses won't be using Windows 7 until it is tried and tested more (all we have now is an RC build, not a final build). I think Engadget is exaggerating this "bug" - if it can't be controlled remotely then I see it as no threat. I do not put in sensitive information on a public computer, that's the worst thing you can do
 
S

Sullivan

New Member
FrozenIpaq said:
I wouldn't call that much of a bug and businesses won't be using Windows 7 until it is tried and tested more (all we have now is an RC build, not a final build). I think Engadget is exaggerating this "bug" - if it can't be controlled remotely then I see it as no threat. I do not put in sensitive information on a public computer, that's the worst thing you can do
Click to expand...

Yes, but say you are a college student, and you are connected on there network, you can get infiltrated by this. As long as he is on the network physically.
 
twelve

twelve

I'm not dead
Sullivan said:
Yes, but say you are a college student, and you are connected on there network, you can get infiltrated by this. As long as he is on the network physically.
Click to expand...
That's still remote. Anything that doesn't take place on your actual PC is remote. Regardless of whether it's a private network or not.

And also:

"A hack that's "unfixable" is a pretty bold claim, and they seem ready to back it up."

Nowhere in the source is it backed up why they think it is unfixable. Without a doubt it'll be patched before 7 comes out. If that means MS have to rewrite the boot process slightly then they will.
 
A

Archaemic

New Member
Oh please. This is simply a boot attack. There's no such thing as security if you have physical access to a computer. All you can do is lock your case, password your BIOS and encrypt your hard drive. The second one should defeat this attack anyway.
 
You must log in or register to reply here.
Top