Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Researcher to demonstrate Vista attacks

Stealth malware techniques adapt to the Vista world.

By Matthew Broersma | Techworld | Published: 10:59, 30 April 2007

Joanna Rutkowska, a security researcher known for picking apart the security mechanisms built into Windows, is to demonstrate new ways for hackers to invade Windows Vista, including rootkit techniques and ways to defeat BitLocker drive encryption.

Rutkowska recently announced she will be running a training session called "Understanding Stealth Malware" during the Black Hat Briefings and Training event in Las Vegas, which runs from from 28 July to 2 August.

The training session, which will be co-presented by researcher Alex Tereshkin, promises to demonstrate new rootkits developed for Vista, ways of defeating hardware-based forensics systems and other techniques Microsoft would probably prefer the world didn't know.

Rutkowska said she, too, is aware of the need for discretion. "For ethical reasons we want to limit the availability of this course to only 'legitimate' companies," she said in a post on her blog, Invisible Things.

Rutkowska isn't against Windows as such, but has a track record of ferreting out its weaknesses. She recently uncovered a number of flaws in Vista's much-hyped User Account Control (UAC) feature, which led Microsoft to declare that the feature wasn't really intended for security after all.

Until recently she was a researcher for Coseinc, but is now in the process of founding a security start-up based in Poland, she said.

Earlier this spring she demonstrated several methods that sophisticated rootkits can use to hide from even the most reliable detection method currently available - hardware-based products that read a system's RAM.

The demonstration in July will cover such methods, but will be more comprehensive, including unpublished techniques, implementation details, new code and sample rootkits.

The target will be Windows and specifically 64-bit Vista, including new kernel attacks against the latest 64-bit Vista builds.

"These attacks, of course, work on the fly and do not require system reboot and are not afraid of the TPM/BitLocker protection," she wrote.

TPM (Trusted Platform Module) refers to security systems with a hardware component built into the processor, designed to improve security and specifically to make copy-protection systems more difficult to circumvent. Rutkowska said the demonstrated techniques would work against copy-protection systems, but that this side of things wouldn't be specifically discussed at the demonstration.

The training is aimed at security and OS developers, forensic investigators and penetration testers, Rutkowska said.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.