Security researcher Peter Kleissner has managed to bypass User Account Control on Windows 8 through the use of a small 14KB piece of code.

According to ZDNET Peter’s hack is believed to be the first proof-of-concept that has found a vulnerability in Microsoft’s new operating system which will launch in 2012.

After the exploit has been launched the OS operates under the SYSTEM account which then lets a hacker run a command prompt where they can defeat the User Account Control by avoiding the user prompt.

The Windows 8 OS is currently in Beta testing and the exploit will likely be fixed ahead of shipping however the small size of the code and the ease for which it was executed still deal a small humiliating blow to Microsoft as the company continues to emphasize their platforms stronger security standards via Windows Defender improvements.

Included with the new system is a real-time detection and protection suite along with a SmartScreen filtering system for Windows 8 and security improvements to Internet Explroer.

Here’s Peter Kleissner showing off the hack:

[via Electronisa]

Windows 8 Bootkit Exploit Already Discovered [Video Demonstration] is a post from: The Inquisitr

It seems that one of the autofill features allows you to have web forms automatically filled, even if you have never been to the site before, by pulling in your information from your Address Book card. The danger, as outlined by Jeremiah Grossman using a very simple exploit, is that malicious sites could create hidden dynamic form text fields which would then be populated with your information using Javascript A-Z keystrokes.

As shown in the proof-of-concept code (graciously hosted by Robert “RSnake” Hansen), the entire process takes mere seconds and represents a major breach in online privacy. This attack could be further leveraged in multistage attacks including email spam, (spear) phishing, stalking, and even blackmail if a user is de-anonymized while visiting objectionable online material.

Sometimes the best hacks are the simplest ones but it also goes to show that security problems are just the providence of any one tech company.

image courtesy of 9 to 5 Mac

Apple Safari is a hacker’s info harvesting dream is a post from: The Inquisitr

Researchers at Invisible Things Lab presented information at the CanSecWest conference on Thursday in Vancouver about a security exploit that could comprise computers running on Intel processors. The exploit involves the poisoning of of the cache of a CPU operating in System Management Mode (SMM). They also noted that this was the third such types of security exploits that the team had found affecting Intel based computers in the last ten months.

The SMM exploit works by poisoning the chip’s cache memory which would allow for forced access to SMM, one of the most privileged CPU modes on x86 architectures. Even operating systems can’t access SMM – the mode that handles certain errors, power management and other features.

The potential consequence of attacks on SMM might include SMM rootkits, hypervisor compromises, or OS kernel protection bypassing, they said.

Intel has been working on a solution to prevent caching attacks on SMM memory, and a spokesperson has said that many new systems are protected against the exploit. But, writing in their paper, Rutkowska and Wojtczuk said: “Some of Intel’s recent motherboards, like the popular DQ35, are still vulnerable to the attack. Additionally, the workarounds that Intel has mentioned to us are not yet officially documented.”

Source: SC Magazine – Intel CPU exploit threatens PCs worldwide

Time to bloated Norton solution in 3 …. 2 …. 1…..

CPU poisoning affects Intel systems is a post from: The Inquisitr