    Vista, Rootkits Headline Hacker Confab

    By Ryan Naraine - July 30, 2006

      For Microsoft, the coming days of Black Hat Briefings hacker scrutiny in Las Vegas could make or break its claim that Windows Vista is the “most secure operating system ever.”

      The software maker will use the August 2-3 security conference to showcase a wide range of security features and functionality being fitted into the successor to Windows XP.

      But even as the Redmond, Wash., company’s hype machine swings into high gear, independent researchers worry that the venerable hacker powwow is being reduced to a glorified product demo for a rich sponsor.

      “You’re not going to learn much from a Microsoft talk. They’re basically there to do a Vista demo and tell the IT guy that they’ve made it harder to break,” said Marc Maiffret, chief hacking officer at eEye Digital Security, in Aliso Viejo, Calif.

      For Maiffret and other Black Hat Briefings veterans, the inclusion of Microsoft on the agenda—an entire day of tracks dedicated to Vista security—dilutes a conference known for the controversial release of zero-day exploits and hacking tools, discussions on novel software cracking techniques and lively debates on flaw disclosure, privacy, defense mechanisms and industry trends.

      “It’ll be interesting to see how far Microsoft will go to market Vista, but I don’t think anyone’s going there to listen to Microsoft talk about how great a job they did,” Maiffret said in an interview with eWEEK.

      Microsoft has spared no expense in the last few years to convince the world that security is its No. 1 priority, and the Black Hat appearance—which includes a security researcher appreciation party in the swanky Palms Casino hotel—could turn into a very tricky challenge.

      If the four “deeply technical” Vista presentations turn into a security infomercial, Microsoft runs the risk of alienating the very people it needs to impress.

      The mission is straightforward, but crucial: to convince some of the smartest hackers in the world that Windows Vista, the first end-to-end major operating system release in the Trustworthy Computing era, has been truly re-engineered to foil malicious attackers.

      Microsoft’s presentations promise a comprehensive overview of the security engineering process behind Vista; an explanation of the way the operating system will handle support for 802.11 wireless technologies; an introduction to a re-architected and rewritten TCP/IP stack; and the way Vista’s heap manager has been hardened to thwart heap usage attacks.

      Ironically, on the same day as Microsoft’s Vista track, a security researcher with expertise in rootkits is scheduled to display a new technique for defeating Vista’s new device driver signing feature to load a rootkit on the new operating system.

      Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm Coseinc, said her presentation will cover how to insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition) without requiring a system reboot.

      The technique bypasses a new policy implemented by Microsoft to allow only digitally signed drivers to load into the kernel.

      Rutkowska will also demo the first working prototype of “Blue Pill,” a new technology that she claims can create “100 percent undetectable malware” by moving the target operating system into a secure virtual machine on the fly.

      “The phrase on the fly is the most important thing about Blue Pill—it makes it possible to install a Blue Pill-based malware without restarting the system and without any BIOS or boot sector modifications,” Rutkowska explained in her aptly titled Invisible Things blog.

      Networking gear vendor Cisco Systems, of San Jose, Calif., also plans to use this year’s conference to repair its image with the hacking community after the debacle in 2005 when ISS X-Force analyst Michael Lynn resigned on the spot to demonstrate the first-ever example of exploit shellcode in Cisco IOS, a presentation that led to a major legal tussle.

      Like Microsoft, Cisco is listed as a platinum sponsor this year, but the company’s products will still be the focus of new vulnerability research.

      Two talks on the schedule will focus on easy-to-bypass flaws in NAC (Network Admission Control) VOIP technologies embedded in widely used embedded devices, including those sold by Cisco.

      Security researchers at SPI Dynamics, of Atlanta, Ga., plan to pinpoint vulnerabilities in the way RSS clients implement XML feeds.

      The talk, entitled Zero Day Subscriptions, will show how RSS and Atom feeds can be used to deliver malicious exploits to client systems.

      “There are many [RSS readers], local and Web-based, that aren’t thinking about all possible attack scenarios. We’ll show how the feed readers can be used to deliver malicious code using RSS,” Caleb Sima, SPI Dynamics chief technology officer and co-founder, told eWEEK in an interview.

      Jeremiah Grossman, CTO of WhiteHat Security in Santa Clara, Calif., plans to share research findings on invisible JavaScript exploit code capable of hijacking cookies, capturing keyboard strokes and monitoring Web site visits.
