Source http://gear.ign.com/articles/976/976242p1.html
Is this bogus or real? And is it really unfixable? How exactly does it work?
Is it like some kind of separate boot sequence to modify Win7 security data, thus allowing further attacks? If this is true, how is this a loophole? Because from the way I see it, you may as well boot to MacOS and change Win7 data; it is the same trick, and this
would mean I can attack any OS as well. Unless you BitLock the entire OS partition, any OS is at risk. Anyway, I am not a security guy. Can someone explain what is going on with this new security issue? Thank you.
-
-
it runs on boot, yet doesn't need the HDD...
so you'd need physical access to the PC on boot to do anything?
oh wow... worrying
(or that article is misleading) -
It is possible to make a virtual partition before restart. Back in the day, Norton Ghost did that to load a DOS mode in a virtual partition somehow, and perform backup/recovery on my C partition. So basically it will change the boot section in the HDD and execute all the bad things in its own virtual partition. But if that's what they are talking about, no OS is protected unless the OS partition is encrypted. That just doesn't make sense to say Win7 is flawed.
GoddersUK said:
it runs on boot, yet doesn't need the HDD...
so you'd need physical access to the PC on boot to do anything?
oh wow... worrying
(or that article is misleading)
Yeah, I really hope someone can shine a light on this. I am really confused about the whole article. Maybe a bogus article in the end. After all, the article is on a gaming site.
-
Actually, it is worrying.
GoddersUK said:
it runs on boot, yet doesn't need the HDD...
so you'd need physical access to the PC on boot to do anything?
oh wow... worrying
(or that article is misleading)
Having your notebook stolen, losing it, or even having someone access it while you are away from it, despite it being turned off... Industrial espionage, spies, etc., would all value a hack that gives access and leaves no trace. -
That's why you use BitLocker. Problem solved.
elmer said:
Actually, it is worrying.GoddersUK said:*snip*
Having your notebook stolen, losing it, or even having someone access it while you are away from it, despite it being turned off... Industrial espionage, spies, etc., would all value a hack that gives access and leaves no trace. -
Not my area of expertise... in fact... I'm not even close.
PaoloM said:
That's why you use BitLocker. Problem solved.elmer said:*snip*
Just saying that a hack which gave access and left no trace would be very useful and valuable for bad guys.
I'd have to leave it to others to decide if this actually meets that goal.
http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf -
But it's not a "real" hack. You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.
elmer said:
Not my area of expertise... in fact... I'm not even close.PaoloM said:*snip*
Just saying that a hack which gave access and left no trace would be very useful and valuable for bad guys.
I'd have to leave it to others to decide if this actually meets that goal.
http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf
Hardly something to worry about, especially since it's a technique that would work with any OS. -
PaoloM said:
But it's not a "real" hack. You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.
elmer said:*snip*
Hardly something to worry about, especially since it's a technique that would work with any OS.
You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.
But that is "exactly" the point, isn't it?
You "lose" your notebook, or have it stolen, or leave it in the office (turned off) while you go to a meeting,
Anything which allows someone to gain physical access... excellent.
"Steal" a notebook, and then heroically "return" it, or get into someone's office while they are out - the user now doesn't know if the data has been read. It has even been suggested that if you have sufficient access rights, you may even be able to bypass encryption... but that's not something I'm convinced about yet.
The fact that it works with any OS doesn't make it any less of a threat, and I'd imagine MS security teams recognise that. -
If you have unrestricted physical access to a computer then by all definitions you "own" that machine in the most intimate way possible. The machine cannot be trusted from a security perspective after that point and you can safely assume that it could have been modified in any number of ways.
Every new OS release there is always a new "HUGE SECURITY HOLE!" find at the last minute (e.g. Vista, XP) that always involved unrestricted physical access or software running as root initially. Totally stupid "Technology journalism" (lol) hype.
PS - Although ironically Windows 7's horrible UAC implementation might actually result in a "HUGE SECURITY HOLE" that people are entirely justified to discuss.
edit: I looked at their research and it isn't even an exploit in Windows. It just injects a new MBR which is run before the OS is launched and thus dirties the OS's code on up. I will grant that they did good work to get Windows running with their code in place but ultimately this is a "problem" with the platform (all Operating Systems). -
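The post above sums the technique up as a replaced MBR that runs before the OS is launched. One thing a defender can do about a pre-OS modification is record a baseline of the boot sector from a trusted state and compare it later. The script below is an added example, not code from the thread, from Microsoft or from the vbootkit authors: it parses the classic 512-byte MBR layout (440 bytes of boot code, disk signature, four 16-byte partition entries, 0x55AA marker) and reports when the boot-code region no longer matches the recorded hash. The MBR bytes, the "known-good" code prefix and the modification are all constructed sample data.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code a bootkit would replace
DISK_SIG_OFF = 440       # 4-byte disk signature followed by 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55AA marker
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Constructed known-good boot-code prefix (not a real disk image). On a real
# system the baseline hash would be taken from a trusted install.
KNOWN_GOOD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a constructed 512-byte MBR with one bootable NTFS partition entry."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"
    entry = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1048576)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into its boot-code hash, partition table and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:  # partition type 0 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "valid_signature": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_code(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the boot code matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    return findings


def demo() -> dict:
    clean = build_sample_mbr(KNOWN_GOOD_CODE)
    baseline = parse_mbr(clean)["boot_code_sha256"]  # recorded while the machine was trusted
    modified = bytearray(clean)
    modified[:4] = b"\x90\x90\x90\x90"  # constructed change inside the boot-code region
    return {
        "clean": check_boot_code(clean, baseline),
        "modified": check_boot_code(bytes(modified), baseline),
        "partitions": parse_mbr(clean)["partitions"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On a live machine the 512 bytes would be read from the raw disk device (`/dev/sda` on Linux, `\\.\PhysicalDrive0` on Windows, both requiring administrator rights), ideally from a trusted boot medium rather than from the possibly compromised OS itself, since code that runs before the OS can also interfere with what the OS reads back.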
Yep, and Bitlocker (and encryption in general) was supposed to have been a "peace of mind" solution to the issue of physical access, but there are solid claims that it can be defeated. MS's original security response to that was to configure your machine so that it can't be booted to allow access.... and now you can boot and leave no trace... hmmm.
ManipUni said:
If you have unrestricted physical access to a computer then by all definitions you "own" that machine in the most intimate way possible. The machine cannot be trusted from a security perspective after that point and you can safely assume that it could have been modified in any number of ways.
Every new OS release there is always a new "HUGE SECURITY HOLE!" find at the last minute (e.g. Vista, XP) that always involved unrestricted physical access or software running as root initially. Totally stupid "Technology journalism" (lol) hype.
PS - Although ironically Windows 7's horrible UAC implementation might actually result in a "HUGE SECURITY HOLE" that people are entirely justified to discuss.
edit: I looked at their research and it isn't even an exploit in Windows. It just injects a new MBR which is run before the OS is launched and thus dirties the OS's code on up. I will grant that they did good work to get Windows running with their code in place but ultimately this is a "problem" with the platform (all Operating Systems). -
BitLocker will only slow an attacker down, which ultimately is its benefit. It secures in the same way a wall safe safeguards your valuables, it just adds minutes that the bad guys have to use getting to them. No security is foolproof and never will be.
Microsoft's secure computing initiative was meant to "solve" these issues but since it wasn't widely adopted for a fair number of legitimate reasons then you're on your own.
If you really want your data secure then frankly don't let your laptop/machine get taken to begin with. After they have your machine they will get the data out of it. End of story.
PS - OS wide encryption is snake oil anyway. Just use either per file encryption or per partition, then you'll get strong encryption without the by-design holes in it. Or better remotely download (and expire) files as needed over a secure pipe. -
No. BitLocker was only supposed to be secure when uncrackable coupled with a TPM chip, otherwise you're always going to be vulnerable to cold boot attacks, software only Bitlocker just makes them more difficult.
elmer said:
Yep, and Bitlocker (and encryption in general) was supposed to have been a "peace of mind" solution to the issue of physical access, but there are solid claims that it can be defeated. MS's original security response to that was to configure your machine so that it can't be booted to allow access.... and now you can boot and leave no trace... hmmm.ManipUni said:*snip*
-
Thanks for the clearifications. So, it is indeed a boot security hack. I don't care about this kind of attacks. This is rather stupid because it is not even running Windows. Any OS would be hacked by this. If you want to prevent boot hacker, use motherboard security. Of course, this still won't stop hackers if they took out HDD, but at least you prevent over network attacks or those 007 quick file stealings.
I agree that once you lost your notebook, you are done for. A hacker would have all the resources to modify hardware and everything. Just like cracking a Xbox, install a mod chip. There is always a way to crack it when the hacker has full access to everything. It is just matter of time.
For security, I guess a thin client will be the only solution. Never let the computer store passwords, and access data through the web, Sky Drive, or Live Mesh. Just let them steal a basically empty notebook (it is good for resale also). -
oh nose. If you get someone to type "del *.* /q" from a console you can delete all user data. This hack is totally unfixable too. Anyone notice these blogs always come out before next version of windows. hmmm, so do apple commercials. Wonder if they are related?
-
It's a big joke. It's a theoretical attack that works against any OS. It's exactly the kind of thing a TPM was meant to protect against.
ManipUni said:
BitLocker will only slow an attacker down, which ultimately is its benefit. It secures in the same way a wall safe safeguards your valuables, it just adds minutes that the bad guys have to use getting to them. No security is foolproof and never will be.
Microsoft's secure computing initiative was meant to "solve" these issues but since it wasn't widely adopted for a fair number of legitimate reasons then you're on your own.
If you really want your data secure then frankly don't let your laptop/machine get taken to begin with. After they have your machine they will get the data out of it. End of story.
PS - OS wide encryption is snake oil anyway. Just use either per file encryption or per partition, then you'll get strong encryption without the by-design holes in it. Or better remotely download (and expire) files as needed over a secure pipe.
Further, if you have a BIOS password, it won't work. If you have a system start-up password or fingerprint check, it won't work. If you don't have any drives in the boot path that can be supplied by the attacker, it won't work. If you have a TPM + BitLocker it won't work. If you don't give people physical access to your machine it won't work. And so on...
It isn't "unfixable." It's already been addressed years ago. -
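The claim in the post above that "TPM + BitLocker" stops this rests on measured boot: each boot stage is hashed into a TPM Platform Configuration Register (PCR) before it runs, and the volume key is sealed so that the TPM only releases it when the PCR chain matches the value recorded at setup. A replaced MBR changes the chain, so the key stays locked. The Python model below is an added example, not thread, Microsoft or TPM vendor code: the stage blobs are constructed stand-ins, SHA-256 is used for every hash, and the seal/unseal pair derives a wrapping key from the PCR so the demo is self-contained (a real TPM keeps its wrapping key inside the chip and enforces the PCR policy itself).

```python
import hashlib

# Constructed stand-ins for the stages a measured boot path hashes in order
# (hypothetical blobs, not real firmware or boot-manager images).
FIRMWARE = b"constructed platform firmware image"
MBR_CLEAN = b"constructed known-good master boot record"
MBR_REPLACED = b"constructed MBR with a different pre-OS code path"
BOOTMGR = b"constructed OS boot manager"
VOLUME_KEY = hashlib.sha256(b"constructed volume master key").digest()  # 32 bytes


def measure(stage: bytes) -> bytes:
    """Hash a boot stage before control is handed to it."""
    return hashlib.sha256(stage).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || measurement).
    The old value feeds the hash, so a later stage can neither erase earlier
    measurements nor set the PCR to an arbitrary value once it is running."""
    return hashlib.sha256(pcr + measurement).digest()


def boot_pcr(stages) -> bytes:
    """Replay a boot sequence and return the resulting PCR value."""
    pcr = bytes(32)  # PCRs start zeroed at power-on
    for stage in stages:
        pcr = extend(pcr, measure(stage))
    return pcr


def seal(secret: bytes, pcr: bytes) -> dict:
    """Simplified seal: bind a 32-byte secret to one PCR value.
    The XOR wrap with a 32-byte derived key is only sound for a single
    secret of that length; it stands in for the TPM's internal key."""
    if len(secret) != 32:
        raise ValueError("demo seals exactly 32 bytes")
    wrap = hashlib.sha256(b"demo-seal" + pcr).digest()
    return {
        "ciphertext": bytes(a ^ b for a, b in zip(secret, wrap)),
        "policy": hashlib.sha256(pcr).digest(),
    }


def unseal(blob: dict, pcr: bytes):
    """Release the secret only if the current PCR satisfies the sealing policy."""
    if hashlib.sha256(pcr).digest() != blob["policy"]:
        return None  # boot chain does not match: the TPM refuses
    wrap = hashlib.sha256(b"demo-seal" + pcr).digest()
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], wrap))


def run_demo() -> dict:
    good_pcr = boot_pcr([FIRMWARE, MBR_CLEAN, BOOTMGR])
    sealed = seal(VOLUME_KEY, good_pcr)  # done once, when BitLocker is enabled
    return {
        "clean_boot": unseal(sealed, boot_pcr([FIRMWARE, MBR_CLEAN, BOOTMGR])),
        "replaced_mbr_boot": unseal(sealed, boot_pcr([FIRMWARE, MBR_REPLACED, BOOTMGR])),
    }


if __name__ == "__main__":
    result = run_demo()
    print("clean boot releases volume key:", result["clean_boot"] == VOLUME_KEY)
    print("replaced-MBR boot releases volume key:", result["replaced_mbr_boot"] is not None)
```

The same property explains the other thread comment that software-only BitLocker "just makes it more difficult": without a TPM there is no PCR chain to bind the key to, so nothing on the platform notices that the code measured before the OS is not the code that was there at setup.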
Remember when Vista came out how there was this big unfixable hack that allowed people total access to your PC from afar? No? Exactly.
-
Simple: create a BIOS password that locks before the boot process.
Problem solved, no need for software.
-
I think I like the BitLocker approach. Honestly, Microsoft should enable whole drive encryption by default with its Professional editions of the OS. Especially since newer CPUs have hardware accelerated AES encryption. That stuff is sweet. I completed a project to standardize on TrueCrypt on all corporate laptops. The hardware acceleration on the newer i5 chips really was quite nice.
It scares me all the stories you hear about random government agencies losing laptops with personal info on it. Technological fix please.