VISTA.BLORGE
TECH.BLORGE.com
MAC.BLORGE.com
GAMER.BLORGE.com

April 30, 2007 |

Windows Vista poor security means business to a security researcher

By Ruben Francia





Windows Vista poor security means business to a security researcherJoanna Rutkowska, senior security researcher for COSEINC, a Singapore-based IT security company, is to demonstrate new kernel attacks against the latest Windows Vista x64 builds, including ways to defeat Trusted Platform Module/BitLocker protection.

The renowned rootkit researcher has quietly started her own security consulting and research firm, and recently announced she will be running two public classes training session called “Understanding Stealth Malware,” on July 28/29 and July 30/31 2006, during the Black Hat Briefings and Training event in Las Vegas.

She said in a post on her blog, Invisible Things:

The training will feature many previously unpublished techniques, implementation details, and of course lots of brand new code, developed especially for the training. The code will include sample rootkits similar to Deepdoor, Firewalk, Blue Pill and Delusion (but redesigned and rewritten from scratch) as well as some more exotic things, like e.g. anti-hardware-forensic attacks.

As the training will be focused on Windows platform and Vista x64 specifically, we will also present some new kernel attacks against latest Vista x64 builds. These attacks, of course, work on the fly and do not require system reboot and are not afraid of the TPM/Bitlocker protection.

The training session, which will be co-presented by researcher Alex Tereshkin, aimed at security and OS developers, forensic investigators and penetration testers, Rutkowska said.

For ethical reasons the training is limited only to “legitimate” companies, thus we require that you specify your official business email address and company’s website when registering for the course, Rutkowska said.

This looks like a good opportunity for Rutkowska.

However, I feel bad seeing Windows users are the biggest looser here. They end up not just buying Vista, the most expensive operating system to date, but also buying security software to compensate Vista security weakness. Worst is that some of them spend millions hiring security consulting firm all because of a lousy product.

Sign up for the BLORGE email newsletter

Related:

  • AMD releases ATI Vista driver patch
  • Microsoft security claims on Vista can lull users into false sense of security
  • $10K hack challenge winner says Vista’s code more secure than Mac’s
  • Microsoft releases info on security changes in Vista SP1
  • Microsoft concedes Vista and Internet Explorer security flaw


    • Entry was posted on Monday, April 30th, 2007 at 6:12 pm under Security, Vista. Print This Post Print This Post

    Read more entries by Ruben Francia.



    2 Responses to “Windows Vista poor security means business to a security researcher”

    1. Windows Vista News » Blog Archive » Windows Vista poor security means business to a security researcher:
      May 1st, 2007

      […] Full article here: Source […]

    2. Filipe:
      May 4th, 2007

      What I feel bad for is for seeing the readers being the biggest looser here. They end up not just being fooled, as Vista is actually cheaper than XP was when it was released (of course in order to know that you have to do something called “research and comparison”), but also lead to think they have to buy more security software just because the writer of this aryicle thought Vista was perfect and didn’t need any security software. Worst is that they call Vista a lousy product just because someone said it’s going to hack it.

    Leave a Reply:

    Copyright © 2007 Engaging and compelling blogs that entertain and inform