0wning Vista from the boot
Federico Biancuzzi, 2007-04-24

Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.

life is not easy for anyone 2007-04-25
oh really? (2 replies)
We all like globalization, but really life is not easy for anyone. Too bad you don't have jobs of your own and need to steal ours. Now you decided to write malware to make more Americans' lives miserable. You will not get our sympathy, instead of writing malware, try being productive and get a real jo...

Re: life is not easy for anyone 2007-04-30
Anonymous (1 replies)
What are you talking about? It's your CEOs who sent jobs outside. 2) What you are getting paid is money you get from selling Coke and Pepsi and guns and bullets to same nations 3) What about establishing/funding universities like Yale from money coming from nations when you were 'ruling' them 4) Wh...

Re: Re: life is not easy for anyone 2007-05-07
Anonymous
Pointless argument, this is a good tool, who cares about the personal lives of the creators. Or the pointless nationality differences of people online....

Re: life is not easy for anyone 2007-07-13
Anonymous
It's a security tool, they found a vulnerability of Windows Vista and tell everyone about it, if they only want money probably don't tell anything about the vulnerability and made viruses to get profit. (note: sorry for my English)...

0wning Vista from the boot 2007-04-26
Anonymous (1 replies)
Oops, they forgot to say it's not their code. My, how careless of them.
http://lists.immunitysec.com/pipermail/dailydave/2007-April/004288.html ...

Re: 0wning Vista from the boot 2009-03-16
Anonymous
wtf these pgs are confusing lol.... y is nothing ever easy... all i want is a full security cover for my windows.... grrrrrrr lol......

0wning Vista from the boot and ripping EEye codez 2007-04-26
Anonymous (1 replies)
Nitin Kumar & Vipin Kumar: "please remember to give necessary credit to the authors" PKB

http://lists.immunitysec.com/pipermail/dailydave/2007-April/004288.html

credit to DaveK...

Re: 0wning Vista from the boot and ripping EEye codez 2007-04-28
Anonymous
EEye does the same thing to others, so what's the buzz now?

Hey Dave, check the link below for solid reply.
http://fist.immunitysec.com/pipermail/dailydave/2007-April/004299.html

...

Move along, nothing new to see here 2007-04-27
Gordon Fecyk
So you start the machine with a special disk of some kind. Just as the authors pointed out, this is decades old.

How to beat this? Disable booting from other media, or just remove the other drives. How to prevent a BIOS reset? Rivet the case shut already, or buy a padlock for the lock loop on...

0wning Vista from the boot 2007-04-27
Anonymous
These jokers have just reverse engineered code first used by Derek Soeder and Ryan Permeh of eEye....

no ripped code in vbootkit (at least yet!) 2007-04-27
Anonymous
The tool who "featured" some ripped code was a 6 months old rootkit for Windows XP.

At the moment nobody has seen vbootkit source code.

If Mr. Kumar will release vbootkit source code we will be able to see if they ripped code or not.

All this noise on lists is just based on a misunderstand...

Nothing but trick to obtain vbootkit source code!!! 2007-04-28
Anonymous
This is nothing credit but trick to force the authors to release their source code, so that they can modify it & use it for their own purposes.
As far as credit goes, boot sector viruses have long history of decades of existence with similar structure. So how Derek can be credited by DaveK.
Its be...

To the earlier folks who posted : eEye "stole" as well 2007-04-29
Anonymous
Yeah and eEye did not credit the originators either http://lists.immunitysec.com/pipermail/dailydave/2007-April/004293.html [ Michal Zalewski ] and to the gentleman who talked about stealing jobs, they will steal yours if you maintain your present perspective ;-)....

Effects on TPM and non TPM Bitlocker Implementations? 2007-04-30
Eoin Miller
I have been hoping more would be divulged about this issue, especially how this impacts Bitlocker. Since Bitlocker requires an unencrypted boot partition, could a bootkit be installed on this partition to keylog the PIN or copy the Bitlocker key file from the USB thumbdrive to the unencrypted partit...

0wning Vista from the boot 2007-05-01
osd pwnz j00
And this is different than every other bootloader hax because.....?

Wasn't this punked out on rootkit 6 months ago? Or was that every other bootloader that is exactly the same. There are only so many ways you can kick start an OS :p...

0wning Vista from the boot 2007-05-06
Anonymous
Academically interesting but not much of a real threat. Nothing new here. If you own a box physically you own it unless you are running Bitlocker (TPM). This is backed up by statements from the hackers. "It doesn't need any privileges only physical access to the machine." And "The only protection ...

Physical access doesn't mean you can load unsigned driver,play DRM,HighDef Videos. 2007-05-15
Robert Regal
Things are changing if you have physical access doesn't mean you are the master of your computer. Think, computers are connected nowadays. :)
Think about some of the possibilities:
Why would someone trust Information Rights Management (IRM), a.k.a. DRM for Office?
Now with the extended powers of TPM...

Copyright 2009, SecurityFocus