Security researches Vipin Kumar and Nitin Kumar announced at the Hack in the Box security conference that they have uncovered a design problem in Windows 7, allowing them to hack right into the operating system. The hackers claim that they can gain control of a Windows 7 computer during the boot up process using a 3KB program called VBootKit 2.0. It works by allowing hackers to change system files loaded into the system memeory. The hack is extremely hard to detect since no hard drive files are ever touched. Once implemented, hackers can change passwords, access files, and basically do whatever they like without leaving a trace. Fortunately for users, this hack cannot be done remotely and requires physical access to a PC.
This isn’t the first design problem Windows 7 has had. Earlier during the development phase, Long Zheng uncovered a UAC design flaw. At first, Microsoft dismissed the security issue but later apologized for its initial reaction and fixed it in later builds. How will Microsoft respond this time? (story Link)
No comments:
Post a Comment