Vista Hacked

Microsoft are working hard to make Vista the most secure OS yet. recently they gave copies of Vista to researchers at the Black Hat convention (an annual hackers event) in LA and the result was... this

 

Too bad but I don't think anyone expected a 100% secure OS

 

Yeah, would have liked to see it be not so soon, but it was bound to happen.

 

The good thing is that UAC would block it if people took the time and looked at what was going on. I think UAC, no matter how annoying it may be sometimes, is ultimately one of the best things Vista has going for it. I've been running Beta 2 for weeks now without an AV and Windows Defender has yet to find any spyware or adware. I don't get any pop-ups, not even from torrentportal.com, which always throws a pop-up. Firefox can't even boast that in XP. Sure, it may not be 100%, but nothing is. Even OS X and Linux get malicious code from time to time, though nowhere near as much as Windows. But what do you expect from the #1 OS in the world. Everybody uses it, so everybody attacks it. But I expect to see a lot more of this as Vista's release gets closer. But also expect Microsoft to do everything to try to fix it.

 

It's not a big deal that it was hacked. It will be a big deal if the product was released. This is still in the works and Microsoft staged this hacking. They wanted to see what the flaws were before they release. I applaud MS for taking these steps. By release this could be a great OS.

 

Microsoft will never make a secure OS, not becasue their programmers are bad, but becasue the passionate "love to hate microsoft" will always exist with hackers.

 

I don't get any pop-ups there either, with XP and Firefox. Sounds more like your XP system is infected by adware.

And as said above, MS staged this, and the OS is still in beta. Not such a big deal. It just means they're interested in finding these flaws *before*release.

 

I don't really care either way, as I plan on stickin with xp as long as possible (i'll probably just get vista when i buy a pc pre-loaded with it).
M$ will never make a secure OS, and it doesn't bother me, cause 3rd party programs have always been able to get the job done. Plus, vista has all that **** anti-copy protection built-in for music/movies and such.
I'm hopin that once vista is out, there'll be less viruses in the wild for xp, as they'll be designed just for vista (kinda like how windows 98 is more secure than it's ever been, cause nobody makes viruses for it anymore).

 

IT's not just for Windows!. This is a flaw in Virtualization Technology by AMD and Intel in general it can work in any os with vm.

From eweek.com:

 

LOL...that is shocking. I would not be suprised if Vista is delayed again. Microsoft sure have a lot of work to do.

This is kinda off topic, but watch this video taking over a laptop wireless..even more shocking...

 

Symantec Corporate 10.0, Ad-aware SE and Spybot would disagree. Even torrentportal's site says at the top that by registering you can avoid pop-ups. I'm not registered, so it sends a pop-up my way. Firefox allows it nearly every time, but IE7 doesn't, not even in XP. Perhaps I should have said that IE7 is more secure, not neccessarily Vista, but both are technically true.

 

i had truoble with IE7 beta 2 and activex plugins, it was so irritating, has any1 had this as well? has it been fixed in IE7 beta 3?

 

Hmmmm, let's see here now then:

1) Performing this "hack" required hitting "accept" under Administrator (and therefore presumably the Admin entering their password under a standard user account). Which means that it got through in precisely the fashion that it's supposed to. UAC is there for a reason. The hacker didn't circumvent it, they relied on user stupidity, against which there is no protection.

2) It seems like the beta of Vista x64 doesn't yet have the Vista signed driver requirement implemented, since you can still install XP x64 drivers.

So this story essentially says: "A person, running in a mode that they shouldn't typically run in, can circumvent the OS protections by ignoring the warning that pops up on their screen."

Amazing hacking! Brilliant!

 

^ my thoughts exactly. it would be more of a user's fault if thats how they are hacking vista

 

does UAC limit the access that even the administrator has to his own files? Vista has many layers of defense i wouldnt be surprised if it blocks the administartor from administartor priviledges
Google Blue Pill and look at the link 5 from top
Its nice to see that a WOMAN cracked Vista, lol

 

I'm pretty sure what UAC does is run the user as if in limited mode, then prompt to allow something if it requires administrative access.. Kinda like sudo commands in linux. It doesn't actually limit anything the admin wants to do.

 

I also think Microsoft was smart in releasing Vista to be tested, it's like they are having their security reviewed for free...well maybe not for free. But still if the hackers really wanted to do Microsoft harm would be to find the flaws and yet not disclose them to anyone...perhaps they already have. The best way to harm MS is to give them a false sense their OS is perfect, then hit them where it counts. Not that I would agree with it.

 

malware called blue pill was used. Microsoft will have to sort out this issue before Vista comes out. And what about XP? can the blue pill also cause security issues in XP and 2000?

 

This flaw will most likely not be fixed in Vista because the bug is a x86 hardware flaw, it wasn't even Vista. Also keep in mind that, the account needs admin priviledges [disabled by default], and the user has to confirm the installation of it [unfortunately, this one might actually get by a lot of people].

 

I agree, calling this a hack is excessive. As mentioned earlier, it won't work unless the user is incredibly stupid.

Under Vista, the default login account for a user is not administrator but standard. Therefore the hack would require user entry of the admin password to run. The accept button only exists if you are logged in as Administrator, which is something you have to deliberately and specifically do.

 

I don't think anyone doubts that this flaw will be fixed. It's the ones that MS does not know about yet that are scary. Vista is a lot of new code. New code equals security problems. Without the test of time, who knows how many flaws Vista will have. If you want to be secure I would wait until a large security patch is released before jumping on Vista.

 

i totally agree with cashmonee

 

IT's not just for Windows!. This is a flaw in Virtualization Technology by AMD and Intel in general it can work in any os with vm.

From eweek.com: