Everyone was so focused on Joanna Rutkowska’s Blue Pill VM rootkit it was easy to overlook one of the more low-hanging security problems that she discovered after 2 hours of work and a mere $250. To get a Microsoft certification to sign a driver that can then be loaded into the kernel, Rutkowska showed attendees on Aug. 1 at Black Hat how little effort was needed for her to get a certificate for a driver. Buggy drivers, one attack vector that Rutkowska said is a problem today, can easily be created and introduced into the wild. She advocated the creation of an authority at Microsoft to require the testing and verification of drivers before certs are just handed out. You can see her “buggy driver” hack here; go to the downloads section and look at IsGameOver.ppt (2007-08-01). The buggy register is shown starting on slide 21. For more on the state of Blue Pill, see my colleague Lisa Vaas’ news coverage here.
Home Latest News