In association with heise online

01 August 2006, 18:36

Black Hat Conference: much of Microsoft and a blue pill


The Black Hat Conference, which begins on the morning of August 2, has a special focus this year: an entire track will be devoted to the security of Microsoft's next operating system, Windows Vista, and of Internet Explorer 7. Microsoft will be handling all of the presentations in the track; it is also one of the sponsors of the conference. As in previous years, Microsoft wants to use the Black Hat Conference to convince the elite security specialists attending that Vista is the most secure operating system it has ever produced and that security is also the focus of the further development of Internet Explorer 7.

Rootkit researcher Joanna Rutkowska's talk will therefore be all the more interesting: she will be showing how Vista's kernel protection can be outsmarted. Among other things, Microsoft only allows digitally signed kernel-mode drivers to be loaded in the 64-bit version. Rutkowska plans to demonstrate how arbitrary code can be injected into the kernel without rebooting, despite this protection. Rutkowska will also be presenting the first working prototype of "Blue Pill". According to Rutkowska, Blue Pill allows the creation of "100% undetectable" malware: during an infection, it simply moves the running operating system into a virtual environment – the computer need not be rebooted, and the user should not notice anything.

The infection remains undetected because antivirus programs cannot look outside of the virtual machine. Microsoft has also developed a similar rootkit, which it calls SubVirt; it essentially installs itself beneath the operating system it finds and runs that OS in a virtual machine after the next reboot. Microsoft believes that Virtual Machine Based Rootkits (VMBRs) pose a serious threat for the future. Antivirus programs would then have to be integrated into the hardware or the BIOS in order to provide protection.

But Black Hat also offers something for lay people: according to Jeff Moss, the organizer of the conference, the other speakers will be presenting 25 new tools and 15 new exploits. This year, special attention will be paid to Web 2.0 and the AJAX and JavaScript technologies behind it. Network Admission Control (NAC), which is meant to protect networks, will also be getting a thrashing: Ofir Arkin plans to explain several holes that can be used to get around NAC.
