How to Take Over Windows 7
In software security news, experts have demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system. This took place at the Hack In The Box Security Conference (HITB) in Dubai this week.
According to PC World, Vipin Kumar and Nitin Kumar used code they developed to take control of a Windows 7 virtual machine.
The takeover took place while it was booting up.
"There's no fix for this. It's a design problem," Vipin Kumar said, and added that the software he and his counterpart developed exploits a simple, flawed assumption that the boot process of Windows 7 is safe from attack.
In addition to granting access to the computer, the software allows an attacker to increase their user privileges to system level, the highest possible level.
Also potentially troubling for users is that fact that since no files are changed on the hard disk, the back is difficult to detect.
The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, it restores the original, ensuring the attack goes undetected.
But it may not be all that bad in the end. Before you dial up your local Fort Lauderdale computer repair shop in an all-out panic, consider that at least an attacker must have physical access to the victim's computer.
We repeat, the attack can not be done remotely.
Also fortunately, once the computer is rebooted, the infesting program will lose its hold over the computer as data contained in system memory will be lost.
If one of these two gentlemen were there though, they could hack into the system with a program just 3KB in size. From there they can control of the computer by making changes to Windows 7 files loaded into system memory during the boot process.
