In a follow-up to our story last week, where we reported Microsoft’s plans to let hackers attempt to hack Vista, it would appear that it has been hacked by a Polish woman.
Joanna Rutkowska, a Polish researcher, showed how it was possible to bypass security measures in Vista that should prevent unsigned code from running. The security expert displayed her research to a packed room and christened her malicious software “Blue Pill”. Matrix reference, anyone?
A spokesperson for Microsoft was on hand to provide an official reaction:
"Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated. In addition, we are working with our hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill."
Rutkowska was quick to quell any suggestion that Vista was fully compromised, however:
"The fact that this mechanism was bypassed does not mean that Vista is completely insecure. It's just not as secure as advertised. It's very difficult to implement a 100 percent-efficient kernel protection."
There has also been the suggestion that the hacker was sponsored by Intel to perform the work. Everything was developed using AMD technology; however, she insisted that this was not the case.
Microsoft is coming away from this with a positive outlook. It remains to be seen whether other hackers will be optimistic now that it is clear that Vista can be hacked, or whether Microsoft will be able to patch up all the vulnerabilities exposed at this meeting.
Has Microsoft got egg on its face? Or was this a clever way of developing its product? Let us know in the forums.