[SGVLUG] Security researcher defeats Windows 8 secure boot
mathew_2000 at yahoo.com
Thu Nov 17 10:13:05 PST 2011
fyi - ( please read last paragraph on why it matters to you )
Security researcher defeats Windows 8 secure boot
At the upcoming MalCon security conference in Mumbai, Austrian independent developer and security analyst Peter Kleissner is scheduled to release the first known "bootkit" for Windows 8—an exploit that is able to load from a hard drive's master boot record and reside in memory all the way through the startup of the operating system, providing root access to the system. The exploit allegedly defeats the secure boot features of Windows 8's new Boot Loader. Kleissner will also present a paper called "The Art of Bootkit Development."
Windows 8's boot loader has added a number of security features to prevent malware and security breaches, including a measure that requires any software loaded at boot time to be authenticated with a valid digital signature. Microsoft advertised this feature as a malware killer, because it would in theory block any unsigned software from loading into memory before startup. But the new boot loader has caused concern in the open-source world, because Linux distributions such as Red Hat and Ubuntu don't come with a digital signature.
More information about the SGVLUG