Re: Whitepaper: Implementing and Detecting a PCI Rootkit

[sinan.eren () immunitysec com]

let me rephrase what i meant; there will be no ROM that the runtime OS can 
interface with. 
sure, if you interface directly to the board or the non-volatile 
memory component thats another story. Our goal is not to hide 
from the investigator (a.k.a the human) but to hide from the agent 
(a.k.a the software: AV, rootkit detectors etc).

so regarding Dan Moniz's suggestions, brilliant stuff! but nothing that we 
will invest (or even effort).

On Thu, 16 Nov 2006, Dave Korn wrote:

> On 16 November 2006 18:47, sinan.eren () immunitysec com wrote:
>
> > I should also note that when you have a FPGA based solution, there is no
> > ROM to be investigated for potential malware.
>
>  :)  How precisely do you suppose an FPGA gets re-programmed at power-on
> time?  They're generally volatile, remember...
>
>    cheers,
>      DaveK
> -- 
> Can't think of a witty .sigline today....
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave