MBR vunerable to DoS attacks… Isn’t that an issue?

December 26, 2008

MBRs (Master Boot Records) can be a pain in the butt when it comes to Windows, Ubuntu, and switching between the two. If you delete the Linux partition whilst using GRUB, you have lost your ability to boot. I did that a couple days ago and it took me about 8 hours to fix my laptop (Alright, I could of done it in 1 but I wasn’t interested in reinstalling Ubuntu). Turns out Super Grub Disk isn’t all it ought to be (Still having to do with the fact my computer was having errors burning CDs with InfraRecorder, and it wreaked the disk to the point where I stuck it in the drive and nothing would open -> CD DoS Attack?) and I eventually had to give in and use UNetbootin to try it. I tried a bunch of the bootloaders that UNetbootin had to offer, still little luck. They either locked, or said they were booting and weren’t. After a while, I just gave up, installed Ubuntu, and fixed the problem from inside Vista (Fixmbr anyone?). After all this I realized, all it takes is some idiot to run that program wrong, and that computer is unbootable until you want to pay to fix it and really, who has that Microsoft restore CD, manufacturers just include that annoying restore program with no repair functionality?

So if someone were to buffer overflow something, they could run a program with similar functionality that wipes the mbr. I actually think that program can do that! So is there a solution to this problem? I say smarter bios that can read partitions and boot them without a pesky MBR. Or a MBR that can only be overwritten by a program made by the HDD manufacturer (Trustworthy people I say!).

With this comes a bigger issue. With a ruined MBR, your computer is still there somewhere, waiting to be awoke. If you destory the file tables, you’ve lost data. Hmm, couldn’t we implent these in a way that can’t be easily exploited? Come on Micrsoft, people hate you. When they read this, you may have an issue.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: