
vista still not 100%


kartel


" After security researcher Joanna Rutkowska on Thursday demonstrated how it's possible to circumvent security in Microsoft's Vista beta software and install a rootkit called Blue Pill, Microsoft said it intends to find ways to stop both potential threats before Vista ships.

At the Black Hat conference, Rutkowska, security researcher at Singapore-based firm COSEINC, showed that she found a way to bypass the Vista integrity-checking process for loading unsigned code into the Vista kernel. Then she presented Blue Pill, a rootkit she created based on Advanced Micro Devices' Secure Virtual Machine, Pacifica. "

-

Microsoft's director of the Windows client group, Austin Wilson, said Microsoft considers Rutkowska's findings "legitimate" and is looking at the problem.

-

"What she showed was legitimate and a very real threat," Wilson said.

»www.networkworld.com/news/2006/0···ill.html



you are right, again this is good reason why MS releases betas and is taking the initiative and talking with different black hats and such, this way they can uncover more holes and flaws before they are used for malicious intents.


Agreed. In fact, I'd be worried about this only if Microsoft was trying to hide it or side-step the issue. The simple fact that they owned up to it and said it was due to a flaw in their operating system is very telling to me, and further reinforces my belief that Vista is going down the proper path.


Maybe the article in the following link is old as Microsoft has fixed some reported bugs, but it's interesting and maybe a bit sad

http://www.symantec.com/enterprise/securit...06/07/post.html (with included 42 pages PDF report)

it is an old link,

the versions they test are 5321, 5270 and 5384, there has been time for the exploits listed there to be worked on. the rewriting of the network stack had to happen at some time IPv6 is a very real reality for some companies and for the internet in the near future, all i have to say is **** it is fast, especially going through a gigabit switch to a longhorn server, file transfers just fly :)


the versions they test are 5321, 5270 and 5384, there has been time for the exploits listed there to be worked on. the rewriting of the network stack had to happen at some time IPv6 is a very real reality for some companies and for the internet in the near future, all i have to say is **** it is fast, especially going through a gigabit switch to a longhorn server, file transfers just fly

Hmm, interesting... Any numbers you can share?

The company I'm working for has specific "imaging networks"; a gigabit switched setup (Cisco 4509) on its own VLAN, along with its own high-capacity imaging server (HP DL580, data-only RAID 5 array on five 15k RPM disks, dual-gig loadbalanced link) that we use to pull down Ghost images for all our workstations.

Our land speed record up to this point is ~2400mb/min, or about 40mb/sec. Now part of that is CPU overhead for decompressing the Ghost image, but I have to assume we're hitting a bottleneck on the physical disk of the workstation we're imaging (that was actually on an IBM T42 with a 7200RPM disk -- our Dell GX620's don't even go that fast with a 7200RPM SATA drive)

Edited by Albuquerque

  • 1 month later...

said by »
: To selectively disable IPv6 components and configure behaviors for IPv6 in Windows Vista, create and configure the following registry value (DWORD type):

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisabledComponents

DisabledComponents is set to 0 by default.

The DisabledComponents registry value is a bit mask that controls the following series of flags, starting with the low order bit (Bit 0):

• Bit 0 Set to 1 to disable all IPv6 tunnel interfaces, including ISATAP, 6to4, and Teredo tunnels. Default value is 0.

• Bit 1 Set to 1 to disable all 6to4-based interfaces. Default value is 0.

• Bit 2 Set to 1 to disable all ISATAP-based interfaces. Default value is 0.

• Bit 3 Set to 1 to disable all Teredo-based interfaces. Default value is 0.

• Bit 4 Set to 1 to disable IPv6 over all non-tunnel interfaces, including LAN interfaces and Point-to-Point Protocol (PPP)-based interfaces. Default value is 0.

• Bit 5 Set to 1 to modify the default prefix policy table to prefer IPv4 to IPv6 when attempting connections. Default value is 0. For more information about the prefix policy table, see Source and Destination Address Selection for IPv6, the February 2006 The Cable Guy article.

To determine the value of DisabledComponents for a specific set of bits, construct a binary number consisting of the bits and their values in their correct position and convert the resulting number to hexadecimal. For example, if you want to disable 6to4 interfaces, disable Teredo interfaces, and prefer IPv4 to IPv6, you would construct the following binary number: 101010. When converted to hexadecimal, the value of DisabledComponents is 0x2A.

The following table lists some common configuration combinations and the corresponding value of DisabledComponents.

| Configuration combination | DisabledComponents value |
|---|---|
| Disable all tunnel interfaces | 0x1 |
| Disable 6to4 | 0x2 |
| Disable ISATAP | 0x4 |
| Disable Teredo | 0x8 |
| Disable Teredo and 6to4 | 0xA |
| Disable all LAN and PPP interfaces | 0x10 |
| Disable all LAN, PPP, and tunnel interfaces | 0x11 |
| Prefer IPv4 over IPv6 | 0x20 |
| Disable IPv6 over all interfaces and prefer IPv4 to IPv6 | 0xFF |

You must restart the computer for the changes to the DisabledComponents registry value to take effect.

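An added example, not part of the quoted article or of any post in this thread: a small auditor that builds and decodes the DisabledComponents bit mask described above, including the fact that bit 0 covers every tunnel type and that a value such as 0xFF sets bits the quoted list does not describe. The class and function names, the host names and the sample lines are constructed for illustration; the two input shapes assumed are a `.reg` export line (`dword:`) and a `reg query` output line (`REG_DWORD`).

```python
import re
from enum import IntFlag
from functools import reduce

class DisabledComponents(IntFlag):
    """Bits 0-5 as described in the quoted article."""
    ALL_TUNNELS = 0x01   # bit 0: ISATAP, 6to4 and Teredo together
    SIXTO4 = 0x02        # bit 1
    ISATAP = 0x04        # bit 2
    TEREDO = 0x08        # bit 3
    NON_TUNNEL = 0x10    # bit 4: LAN and PPP interfaces
    PREFER_IPV4 = 0x20   # bit 5: prefix policy prefers IPv4

DESCRIBED = 0x3F  # mask of the six bits the article describes

def build_mask(*flags: DisabledComponents) -> int:
    """OR the chosen flags together (the article's 101010 -> 0x2A example)."""
    return reduce(lambda acc, flag: acc | int(flag), flags, 0)

def parse_dword(line: str) -> int:
    """Extract the value from a .reg export line or a `reg query` output line."""
    m = re.search(r"DisabledComponents\W+(?:dword:|REG_DWORD\s+0x)([0-9a-fA-F]{1,8})", line)
    if m is None:
        raise ValueError(f"no DisabledComponents DWORD in {line!r}")
    return int(m.group(1), 16)

def audit(value: int) -> dict:
    """Effective state per component; bit 0 disables every tunnel type."""
    f = DisabledComponents(value & DESCRIBED)
    tunnels_off = DisabledComponents.ALL_TUNNELS in f
    return {
        "6to4_disabled": tunnels_off or DisabledComponents.SIXTO4 in f,
        "isatap_disabled": tunnels_off or DisabledComponents.ISATAP in f,
        "teredo_disabled": tunnels_off or DisabledComponents.TEREDO in f,
        "lan_ppp_disabled": DisabledComponents.NON_TUNNEL in f,
        "prefer_ipv4": DisabledComponents.PREFER_IPV4 in f,
        "undescribed_bits": value & ~DESCRIBED & 0xFFFFFFFF,
    }

# Constructed sample lines (hypothetical hosts), not taken from the thread.
SAMPLES = {
    "ws-01": '"DisabledComponents"=dword:0000002a',
    "ws-02": "    DisabledComponents    REG_DWORD    0xff",
}

if __name__ == "__main__":
    for host, line in SAMPLES.items():
        print(host, audit(parse_dword(line)))
```

A non-zero `undescribed_bits` result means the value sets bits outside the six listed in the quoted text, so the decoded state covers only the described bits.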
