Dailydave mailing list archives
Re: Blue Pill (abusing AMD's virtualization to write rootkits)
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Thu, 29 Jun 2006 23:20:18 +0200
Dave Aitel wrote: /.../

> http://www.eweek.com/article2/0,1895,1983037,00.asp
> I guess it's a permanent thing that a new operating system comes out with new security features and people point out that those features don't, in any sense of the word, work.

I need to clarify it again: blue pill does not rely on any bug in the underlying OS, so it's not a MS fault ;)

As to the attack for bypassing the kernel protection... well, it's just extremely hard to change a general purpose OS into a very secure system with 100% protected kernel. MS did a right (IMHO) step towards securing the kernel and this is *good*. Please remember that just a few months ago there was a presentation at CanSecWest about how to insert arbitrary code into BSD kernel (thus bypassing its famous securelevel protection) by exploiting another design flaw (SMM vs. X Server)...

joanna.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Blue Pill (abusing AMD's virtualization to write rootkits) Dave Aitel (Jun 29)
- Re: Blue Pill (abusing AMD's virtualization to write rootkits) Joanna Rutkowska (Jun 29)
- Re: Blue Pill (abusing AMD's virtualization to write rootkits) Joanna Rutkowska (Jun 29)
- Re: Blue Pill (abusing AMD's virtualization to write rootkits) Joanna Rutkowska (Jun 29)