Igor Delovski Board

[delovski]

Hacker Defeats Hardware-based Rootkit Detection

"Joanna Rutkowska's latest bit of rootkit-related research shatters the myth
that hardware-based (PCI cards or FireWire bus) RAM acquisition is the
most reliable and secure way to do forensics.

At this year's Black Hat Federal conference, she demonstrated three different
attacks against AMD64 based systems, showing how the image of volatile
memory (RAM) can be made different from the real contents of the physical
memory as seen by the CPU. The overall problem, Rutkowska explained, is
the design of the system that makes it impossible to reliably read memory
from computers. "Maybe we should rethink the design of our computer systems
so they they are somehow verifiable," she said."

[delovski]

Slashdot: Rutkowska Faces 'Blue Pill' Rootkit Challenge

"Three high-profile security researchers — Thomas Ptacek of Matasano
Security, Nate Lawson of Root Labs and Symantec's Peter Ferrie — have
issued a challenge to Joanna Rutkowska to prove that her 'Blue Pill'
technology can create "100 percent undetectable" malware. The Black Hat
2007 challenge will feature two untouched laptops of the make/model of
Rutkowska's choosing for her to plant Blue Pill on one.

From the article: 'She picks one in secret, installs her kit, sets them up
however she wants,' Lawson explained in an interview. 'We get to install our
software on both and run it, [and] we point out which machine [Blue Pill] is
on. If we're wrong, she keeps the laptop.' No word on whether Rutkowska
will accept the challenge."