Dailydave mailing list archives
Blue Pill (abusing AMD's virtualization to write rootkits)
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 29 Jun 2006 04:41:01 -0400
Just got back from inhaling the sands of the Sahara desert for a bit (mmm, gritty). I noticed that people are finally banging back at MS for their weird "responsible disclosure is an industry standard" fallacy. The only person Microsoft managed to convince of this was, oddly enough, Jennifer Granick. I have to assume that's because she's tight with Chris Wysopal, who's now, I would imagine, at Veracode chewing through VC funds.

The terms in Microsoft advisories that HDM rankled at always annoyed me too - largely because they were a massively huge monopoly picking publicly on people who are, for the most part, 15-year-old independent researchers. It's unseemly and unworthy of a company that wants to do business with the world as a trusted partner to act that way.

In a similar vein Thomas Ptacek wrote on his company's weblog that "*Microsoft could buy a year of the entire vulnerability research community for less than $80MM <http://www.matasano.com/log/231/vulnerability-research-in-numbers/>, even at premium rates.* That's less than the cost of a mediocre security startup."

In response, I can only think of one of Daniel Keys Moran's conversations in "The Last Dancer" (roughly paraphrased here from memory):

Obodi: Who hires the best hackers?
Michelle: No one hires the best hackers.
Obodi: We hired you.
Michelle: I work for you because I believe in your cause. Otherwise you couldn't _afford_ me.

This is one of the benefits of being non-VC funded. Immunity is quite literally not for sale.

VM Based rootkits are hot right now. Joanna mentions a few things in this article about her new VM-based rootkit. I know Dino is also talking about similar things soon (at BlackHat)?

http://www.eweek.com/article2/0,1895,1983037,00.asp

I guess it's a permanent thing that a new operating system comes out with new security features and people point out that those features don't, in any sense of the word, work.

-dave