"Microsoft's bi-annual BlueHat hacker summit saw a demo of a virtual machine rootkit that could be the latest hacker tool. Dino Dai Zovi from pen test company Matasano Security showcased a hardware VM-based rootkit called Vitriol that exploits Intel's VT-x virtualisation extension. This would in theory render Vista's controversial PatchGuard technology useless.
Vitriol works by invisibly running the original operating system in a virtual machine, using a technology dubbed a "rootkit hypervisor" - a piece of code running on the PC chip itself. Zovi showed how Vitriol can migrate a running OS into a hardware virtual machine on the fly, so a user would notice nothing amiss.
The malicious code would be totally inaccessible to the operating system.
"This is a very clever idea, and is certainly something to watch for in the future," said Simon Heron, technical director at Network Box.
"In fairness to Microsoft, this concept would work on pretty much any OS running on Intel chips. Normal rootkits are pretty bad, but this would create some interesting problems."
"The European Commission is considering legislation to control the use of RFID tags. Information society and media commissioner Viviane Reding said Europeans needed reassurance that the radio tags would not be used for surveillance. She announced plans for legislation to ensure privacy concerns are met. "The Communication that I will put before the Commission for adoption at the end of this year will outline the main options for action and a roadmap for a solid legal framework," she said.
Reding made her address as she presented the results of a six-month European study into attitudes towards RFID. "The overriding message that comes out of the consultation is that citizens have concerns over privacy issues," she said. "The large majority are willing to be convinced that RFID can bring benefits, but they want to be reassured that it will not compromise their privacy. This is the deal that we have to strike if we want RFID to be accepted and widely taken up. This is the deal I am looking to make."
Almost 2,200 people took part in the survey. Seventy per cent thought it was important to label tags and give consumers the opportunity to disable or destroy them. RFID vendors argue that self-regulation will be sufficient to stop abuse of the technology, but a mere 15 per cent of people in the survey agreed.
RFID tags are short-range radio chips that can help businesses keep track of stock items Applications from sectors including retail, the NHS, supply chain management and catering are being trialled. US passports also contain the chips.
"As Vista's release draws ever nearer, Microsoft is increasingly bowing to industry and regulatory pressure to ease anti-competitive features of the long-awaited OS. The Redmond giant has finally agreed to give rival security software makers access to the kernel of 64-bit versions of Vista. The main bone of contention has been the new PatchGuard feature, which was designed to protect the kernel code from malicious rootkits.
Third-party vendors, such as Symantec and McAfee, have complained that the feature was a way to lock them out of the kernel and would stifle innovation in the long term. "PatchGuard has already been hacked, and if no legitimate third-party applications can access the kernel, there may be no way to stop hackers once they have done so," a spokesman for Symantec said. "We welcome the announcement that MS will give us access to the kernel code, but no timeline has been given by Microsoft, and Vista is due to ship soon."
Meanwhile, The European Commission has denied rumours that MS Vista would be delayed in Europe due to anti-trust regulations, but insists that no "green light" has been given.
"UK companies are far more concerned about losing confidential data than their US counterparts, a recent survey has revealed. While 57 per cent of UK firms reported the loss of at least one laptop containing sensitive information in the past year, 81 per cent of US companies owned up to a similar incident. Furthermore 93 per cent of UK businesses were worried about protecting data stored on a laptop or server, compared to only 81 per cent of organisations marking it as a high priority in the US.
Vontu, the data loss prevention company that commissioned the survey, said such a variation could be due to the US state notification laws.
Joseph Ansanelli, CEO of Vontu (pictured), said: "Data breaches have become more of a public issue in the US. Companies are now obligated to notify their customers if such a situation arises and, as a result, the whole area has become much more publicised." Vontu launches in the UK this month.
"Retail giant Tesco has entered the anti-virus software market, launching two AV packages as part of a push into budget software for homes and small and medium-sized enterprises.
The supermarket claims its offering, Tesco Software, will "rival the big, existing companies such as Microsoft, Symantec and McAfee".
The range will initially include six titles, each priced at less than £20: an office suite, two security/anti-virus products, a personal finance tool, a CD/DVD burning tool and a photo editing tool. The products will initially be available at selected stores only.
EYE OF THE BEHOLDER
Terror threats have left the British public in favour of wider biometrics use, in spite of widespread confusion about what it actually is.
A recent survey by document and personnel identity specialist TSSI Systems showed 76 per cent of Britons are more in favour of biometrics than they were a year ago, but 58 per cent were unaware that they may be subjected to biometric checks when travelling abroad. Three-quarters of people believe that biometrics is essential for combating terrorism, with only 17 per cent viewing intelligence information as more important.