Coffeehouse Thread

22 posts

Win7 unfixable loophole?

  • magicalclick

    Source http://gear.ign.com/articles/976/976242p1.html

    Is this bogus or real? And is it really unfixable? How exactly does it work?

    Is it like some kind of separate boot sequence to modify Win7 security data, thus allowing further attacks? If this is true, how is this a loophole? Because from the way I see it, booting to MacOS and changing Win7 data is the same trick, and this would mean I can attack any OS as well. Unless you BitLocker the entire OS partition, any OS is at risk. Anyway, I am not a security guy. Can someone explain what is going on with this new security issue? Thank you.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
  • GoddersUK

    it runs on boot, yet doesn't need the HDD...

    so you'd need physical access to the PC on boot to do anything?

    oh wow... worrying Perplexed (or that article is misleading)

  • magicalclick

    GoddersUK said:
    it runs on boot, yet doesn't need the HDD...

    so you'd need physical access to the PC on boot to do anything?

    oh wow... worrying Perplexed (or that article is misleading)
    It is possible to make a virtual partition before restart. Back in the day, Norton Ghost did that to load a DOS mode in a virtual partition somehow, and perform backup/recovery on my C partition. So basically it will change the boot section in the HDD and execute all the bad things in its own virtual partition. But if that's what they are talking about, no OS is protected unless the OS partition is encrypted. It just doesn't make sense to say Win7 is flawed.

    Yeah, I really hope someone can shine a light on this. I am really confused about the whole article. Maybe a bogus article in the end. After all, the article is on a gaming site.

  • elmer

    GoddersUK said:
    it runs on boot, yet doesn't need the HDD...

    so you'd need physical access to the PC on boot to do anything?

    oh wow... worrying Perplexed (or that article is misleading)
    Actually, it is worrying.

    Having your notebook stolen, losing it, or even having someone access it while you are away from it, despite it being turned off... Industrial espionage, spies, etc. would all value a hack that gives access and leaves no trace.

  • PaoloM

    elmer said:
    GoddersUK said:
    *snip*
    Actually, it is worrying.

    Having your notebook stolen, losing it, or even having someone access it while you are away from it, despite it being turned off... Industrial espionage, spies, etc. would all value a hack that gives access and leaves no trace.
    That's why you use BitLocker. Problem solved.

  • elmer

    PaoloM said:
    elmer said:
    *snip*
    That's why you use BitLocker. Problem solved.
    Not my area of expertise... in fact... I'm not even close.

    Just saying that a hack which gave access and left no trace would be very useful and valuable for bad guys.

    I'd have to leave it to others to decide if this actually meets that goal.

    http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf

  • PaoloM

    elmer said:
    PaoloM said:
    *snip*
    Not my area of expertise... in fact... I'm not even close.

    Just saying that a hack which gave access and left no trace would be very useful and valuable for bad guys.

    I'd have to leave it to others to decide if this actually meets that goal.

    http://www.nvlabs.in/uploads/projects/vbootkit/vbootkit_nitin_vipin_whitepaper.pdf
    But it's not a "real" hack. You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.

    Hardly something to worry about, especially since it's a technique that would work with any OS.

  • elmer

    PaoloM said:
    elmer said:
    *snip*
    But it's not a "real" hack. You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.

    Hardly something to worry about, especially since it's a technique that would work with any OS.

    You need physical access at boot, unencrypted volumes, an unaware user (that somehow was not there when booting the machine?) and it goes away at the next reboot.

    But that is "exactly" the point isn't it ?

    You "lose" your notebook, or have it stolen, or leave it in the office (turned off) while you go to a meeting,

    Anything which allows someone to gain physical access... excellent.

    "Steal" a notebook, and then heroically "return" it, or get into someone's office while they are out - the user now doesn't know if the data has been read. It has even been suggested that if you have sufficient access rights, you may even be able to bypass encryption... but that's not something I'm convinced about yet.

    The fact that it works with any OS doesn't make it any less of a threat, and I'd imagine MS security teams recognise that.

  • ManipUni

    If you have unrestricted physical access to a computer then by all definitions you "own" that machine in the most intimate way possible. The machine cannot be trusted from a security perspective after that point and you can safely assume that it could have been modified in any number of ways.

    Every new OS release there is always a new "HUGE SECURITY HOLE!" find at the last minute (e.g. Vista, XP) that always involved unrestricted physical access or software running as root initially. Totally stupid "Technology journalism" (lol) hype.

    PS - Although ironically Windows 7's horrible UAC implementation might actually result in a "HUGE SECURITY HOLE" that people are entirely justified to discuss.


    edit: I looked at their research and it isn't even an exploit in Windows. It just injects a new MBR which is run before the OS is launched and thus dirties the OS's code on up. I will grant that they did good work to get Windows running with their code in place but ultimately this is a "problem" with the platform (all Operating Systems).

  • elmer

    ManipUni said:
    If you have unrestricted physical access to a computer then by all definitions you "own" that machine in the most intimate way possible. The machine cannot be trusted from a security perspective after that point and you can safely assume that it could have been modified in any number of ways.

    Every new OS release there is always a new "HUGE SECURITY HOLE!" find at the last minute (e.g. Vista, XP) that always involved unrestricted physical access or software running as root initially. Totally stupid "Technology journalism" (lol) hype.

    PS - Although ironically Windows 7's horrible UAC implementation might actually result in a "HUGE SECURITY HOLE" that people are entirely justified to discuss.


    edit: I looked at their research and it isn't even an exploit in Windows. It just injects a new MBR which is run before the OS is launched and thus dirties the OS's code on up. I will grant that they did good work to get Windows running with their code in place but ultimately this is a "problem" with the platform (all Operating Systems).
    Yep, and Bitlocker (and encryption in general) was supposed to have been a "peace of mind" solution to the issue of physical access, but there are solid claims that it can be defeated. MS's original security response to that was to configure your machine so that it can't be booted to allow access.... and now you can boot and leave no trace... hmmm.

  • ManipUni

    BitLocker will only slow an attacker down, which ultimately is its benefit. It secures in the same way a wall safe safeguards your valuables, it just adds minutes that the bad guys have to use getting to them. No security is foolproof and never will be.

    Microsoft's secure computing initiative was meant to "solve" these issues but since it wasn't widely adopted for a fair number of legitimate reasons then you're on your own.

    If you really want your data secure then frankly don't let your laptop/machine get taken to begin with. After they have your machine they will get the data out of it. End of story.

    PS - OS wide encryption is snake oil anyway. Just use either per file encryption or per partition, then you'll get strong encryption without the by-design holes in it. Or better remotely download (and expire) files as needed over a secure pipe.

  • blowdart

    elmer said:
    ManipUni said:
    *snip*
    Yep, and Bitlocker (and encryption in general) was supposed to have been a "peace of mind" solution to the issue of physical access, but there are solid claims that it can be defeated. MS's original security response to that was to configure your machine so that it can't be booted to allow access.... and now you can boot and leave no trace... hmmm.
    No. BitLocker was only supposed to be secure when uncrackable coupled with a TPM chip, otherwise you're always going to be vulnerable to cold boot attacks, software only Bitlocker just makes them more difficult.

  • magicalclick

    Thanks for the clarifications. So, it is indeed a boot security hack. I don't care about this kind of attack. This is rather stupid because it is not even running Windows. Any OS would be hacked by this. If you want to prevent boot hackers, use motherboard security. Of course, this still won't stop hackers if they take out the HDD, but at least you prevent over-network attacks or those 007 quick file stealings.

    I agree that once you lost your notebook, you are done for. A hacker would have all the resources to modify hardware and everything. Just like cracking a Xbox, install a mod chip. There is always a way to crack it when the hacker has full access to everything. It is just matter of time.

    For security, I guess thin client will be the only solution. Never let the computer store passwords, and access data through the web, SkyDrive, or Live Mesh. Just let them steal a basically empty notebook (it is good for resale also Tongue Out).

  • staceyw

    oh nose.  If you get someone to type "del *.* /q" from a console you can delete all user data.  This hack is totally unfixable too.  Anyone notice these blogs always come out before next version of windows.  hmmm, so do apple commercials.  Wonder if they are related? 

  • BHpaddock

    ManipUni said:
    BitLocker will only slow an attacker down, which ultimately is its benefit. It secures in the same way a wall safe safeguards your valuables, it just adds minutes that the bad guys have to use getting to them. No security is foolproof and never will be.

    Microsoft's secure computing initiative was meant to "solve" these issues but since it wasn't widely adopted for a fair number of legitimate reasons then you're on your own.

    If you really want your data secure then frankly don't let your laptop/machine get taken to begin with. After they have your machine they will get the data out of it. End of story.

    PS - OS wide encryption is snake oil anyway. Just use either per file encryption or per partition, then you'll get strong encryption without the by-design holes in it. Or better remotely download (and expire) files as needed over a secure pipe.
    It's a big joke.  It's a theoretical attack that works against any OS.  It's exactly the kind of thing a TPM was meant to protect against.

    Further, if you have a BIOS password, it won't work.  If you have a system start-up password or fingerprint check, it won't work.  If you don't have any drives in the boot path that can be supplied by the attacker, it won't work.  If you have a TPM + BitLocker it won't work.  If you don't give people physical access to your machine it won't work.  And so on...

    It isn't "unfixable."  It's already been addressed years ago.
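    Reading ManipUni's description of the attack (a replacement MBR that runs before the OS is launched) together with BHpaddock's point that a TPM + BitLocker stops it, here is an added illustration in Python; it is not code from any post in this thread, from the vbootkit authors, or from Microsoft. It constructs a 512-byte MBR, parses its partition table, compares the boot-code region against a recorded known-good hash (a detection check a defender can run), and then simulates measured boot: each boot stage is hashed into a PCR in order, and a volume key sealed to the good PCR value no longer unseals once the MBR boot code has been swapped, even though the partition table is untouched. The MBR layout (440 bytes of boot code, four 16-byte partition entries at offset 446, 0x55AA trailer) is the standard one; the firmware and bootloader bytes, the toy seal/unseal routine and the single PCR are simplified stand-ins for a real TPM, not its API.

```python
"""Simulated measured boot: a replaced MBR changes the PCR, so a sealed key no longer unseals.
Added illustration; the TPM, PCR extend and sealing are simplified stand-ins, not a TPM API."""
import hashlib
import hmac
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Construct a sample MBR sector (constructed test data, not read from a disk)."""
    code = boot_code.ljust(440, b"\x00")[:440]
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if i == 0 else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for i, (ptype, lba, count) in enumerate(partitions)
    ).ljust(64, b"\x00")
    return code + b"\x00" * 6 + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Parse boot code and the partition table; reject sectors without the 0x55AA trailer."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xAA":
        raise ValueError("not an MBR sector")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i : 462 + 16 * i]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype:
            parts.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code": sector[:440], "partitions": parts}


def boot_code_matches_baseline(sector: bytes, baseline_sha256: str) -> bool:
    """Defender-side check: compare the boot-code region against a recorded known-good hash."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest() == baseline_sha256


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(measurement)); the order of extends matters."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(stages) -> bytes:
    """Extend one PCR with every boot stage in order (firmware, MBR, bootloader, ...)."""
    pcr = bytes(32)
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def seal(secret: bytes, pcr: bytes) -> dict:
    """Toy sealing: bind a 32-byte secret to an expected PCR value (simplified, not the TPM spec)."""
    assert len(secret) == 32
    key = hashlib.sha256(b"toy-seal-kdf" + pcr).digest()
    ct = bytes(a ^ b for a, b in zip(secret, key))
    return {"ct": ct, "tag": hmac.new(key, ct, hashlib.sha256).digest()}


def unseal(blob: dict, pcr: bytes):
    """Return the secret only if the current PCR equals the one it was sealed to, else None."""
    key = hashlib.sha256(b"toy-seal-kdf" + pcr).digest()
    if not hmac.compare_digest(hmac.new(key, blob["ct"], hashlib.sha256).digest(), blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], key))


# Constructed boot chain: firmware, the genuine MBR, and the OS bootloader (all sample bytes).
FIRMWARE = b"sample firmware image"
BOOTLOADER = b"sample OS bootloader"
GOOD_MBR = build_mbr(b"genuine boot code", [(0x07, 2048, 204800)])
# The attack discussed in the thread swaps the boot code but leaves the partition table alone.
BAD_MBR = build_mbr(b"replacement boot code", [(0x07, 2048, 204800)])
VMK = hashlib.sha256(b"constructed volume master key").digest()


def demo() -> dict:
    good_pcr = measured_boot([FIRMWARE, GOOD_MBR, BOOTLOADER])
    blob = seal(VMK, good_pcr)  # done once, while the machine is in its known-good state
    bad_pcr = measured_boot([FIRMWARE, BAD_MBR, BOOTLOADER])
    baseline = hashlib.sha256(parse_mbr(GOOD_MBR)["boot_code"]).hexdigest()
    return {
        "partition_table_unchanged": parse_mbr(GOOD_MBR)["partitions"] == parse_mbr(BAD_MBR)["partitions"],
        "baseline_flags_bad_mbr": not boot_code_matches_baseline(BAD_MBR, baseline),
        "unseal_on_good_boot": unseal(blob, good_pcr) == VMK,
        "unseal_on_tampered_boot": unseal(blob, bad_pcr) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Running it shows why the "works against any OS" objection and the "TPM fixes it" reply are both right: the partition table alone cannot tell the two sectors apart, so a filesystem-level check sees nothing, but a recorded hash of the boot code does, and a key bound to the measured boot chain simply is not released when a different MBR has been measured.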

  • Bas

    Remember when Vista came out how there was this big unfixable hack that allowed people total access to your PC from afar? No? Exactly.

  • SevenSins

    Simple: create a BIOS password that locks before the boot process.


    Problem solved, no need for software.

  • intelman

    I think I like the BitLocker approach. Honestly, Microsoft should enable whole drive encryption by default with its Professional editions of the OS. Especially since newer CPUs have hardware accelerated AES encryption. That stuff is sweet. I completed a project to standardize on TrueCrypt on all corporate laptops. The hardware acceleration on the newer i5 chips really was quite nice.

    It scares me, all the stories you hear about random government agencies losing laptops with personal info on them. Technological fix please.
