As part of its second "Blue Hat" conference, Microsoft invited white-hat hackers to campus to try their hand at cracking Microsoft's code. Six white hatters and more than 1,000 Softies were in attendance for the two-day confab.
Six ethical or "white hat" hackers attended, including noted security expert Dan Kaminsky, Brett Moore of Security-Assessment.com, and David Maynor, a researcher at ISS (Internet Security Systems) Inc., Toulouse said.
Maynor, who works for ISS' X-Force team in Atlanta, Ga., said he showed Microsoft developers and executives how an attacker could use a USB device to load attack code directly into the memory of Windows machine and force it to run by taking advantage of the DMA (Direct Memory Access) rights assigned by Windows.
"The DMA vector was the most devastating in my talk because it is hard for just Microsoft to address it. They need support from hardware vendors as well," he said.
Maynor said Microsoft is working on a more secure model for handling peripheral devices, and may add security checks as a component of the company's USB device driver signing program in the future.
0 comments:
Post a Comment