I read through the article a couple of times to try and get the purpose - and failed. (I'm getting too old!!)
If I had physical access to someone's computer I would, like many average users, find it easy to bypass the OS password and have access to any files therein. Did I misunderstand something?
The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.
It does sound very bad indeed, a major flaw in the OS.
Vbootkit 2.0: Attacking Windows 7 via Boot Sectors
This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:
- Windows 7 Boot architecture
- Vbootkit 2.0 architecture and inner workings
- insight into the Windows 7 minkernel
We will also demonstrate:
- The use of Vbootkit in gaining access to a system without leaving traces
- Leveraging normal programs to escalate system privileges
- Running unsigned code in kernel
- Remote command & Control
All this is done, without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.
I am a home user so feel fairly secure this way. Is that a false sense of security?
For the business community things look very insecure running Windows 7. Am I being an alarmist?
What are your thoughts on this?