If Windows Vista is Microsoft’s much applauded, most bulletproofed platform to date, then the 64-bit edition of the operating system is an epitome of Windows security. However, hackers are getting ready for the x64 Vista onslaught, designed to demythologize the apex of security that the 64-bit edition of the operating system is supposed to be. And the BlackHat conference at the Caesars Palace, in Las Vegas between July 28 and August 2, 2007, will be the stage for a new breed of attacks against the x64 Vista kernel, courtesy of Joanna Rutkowska, Founder/CEO and Alexander Tereshkin, Principal Researcher from the Invisible Things
Rutkowska’s Blue Pill and Microsoft’s Windows Vista operating system, with the focus on 64-bit platform, will be at the center stage of the “IsGameOver(), anyone?” training at BlackHat. But additionally, the two security researchers will also focus on hacking Windows NDIS to bypass the firewall, Patch Guard (the Kernel Patch Protection technology in x64 Vista) and rootkit demonstrations.
“We will present new, practical methods for compromising Vista x64 kernel on the fly and discuss the irrelevance of TPM/Bitlocker technology in protecting against such non-persistent attacks. Then we will briefly discuss kernel infections of the type II (pure data patching), especially NDIS subversions that allow for generic bypassing of personal firewalls on Vista systems. People say that once an attacker gets into the kernel, the game is over and we should reinstall the whole system from scratch. In this presentation we show that sometimes we cannot know that the game is actually over, so we do not even know when to stop trusting our systems. In order to change this we need something more then just a bunch of patches,” reads an excerpt from the “IsGameOver(), anyone?” synopsis.
Rutkowska and Tereshkin will also present malware in virtualization-based scenarios, with an emphasis on the fact that such a threat still lacks detection measures. Additionally, a group of security researchers have challenged Rutkowska to permit an on stage detection of her Blue Pill. Thomas Ptacek the co-founder of Matasano Security, Nate Lawson, security expert with Root Labs and Peter Ferrie Symantec Sr. Security Response Engineer claim that they will detect Rutkowska’s undetectable Blue Pill. Rutkowska has already agreed to the challenge, but wants quite a lot of money to do it, in excess of $300,000.
Microsoft, Windows Vista, Vista x64, Security, Hackers, Articles