funsec mailing list archives
Re: the end is nigh, smm exploit, rootkits, etc. all that fun
From: Bryon Roche <kain () kain org>
Date: Fri, 20 Mar 2009 21:21:46 +0000 (UTC)
On Wed, 18 Mar 2009 17:52:09 -0400, Alex Eckelberry wrote:
Security Researchers Joanna Rutkowska <http://www.blogger.com/profile/07657268181166351141> and Loic Duflot are planning to release a research paper + exploit code for a new SMM (System Management Mode) rootkit that installs via an Intel(r) CPU caching vulnerability. Joanna, of blue pill fame, <http://www.networkworld.com/community/node/18197> reported this on her blog
As I recall, SMM mode is only about as old as the pentium pro... I suppose this puts a thorn in the side of all those new-fangled 'hardware virtualization' systems, but aren't things like imperfectly implemented firmware-driven devices, direct DMA devices (firewire), and the like just as risky given such a partitioned CPU environment? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- the end is nigh, smm exploit, rootkits, etc. all that fun Alex Eckelberry (Mar 18)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Gadi Evron (Mar 18)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 19)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun der Mouse (Mar 18)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Bryon Roche (Mar 20)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Larry Seltzer (Mar 20)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Gadi Evron (Mar 18)