funsec mailing list archives

Re: Microsoft Makes Concessions to Security Software Makers


From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 14 Oct 2006 20:20:23 -0700

Nick FitzGerald wrote:
My understanding of "blue pill" is that it is far from a given that it is actually meaningfully doable. Theoretically, yes, but in a practically workable, distributed/remote attack scenario???

Not sure what you're getting at. Joanna claims to have done it, she just isn't going to share. And keep in mind that it's a retention mechanism, not an attack vector.

You can see how this sort of thing works now: get a copy of VMware Server, and load up a virtual machine. You just loaded a hypervisor behind Windows' back. I believe this is the case, because when I went to do this intentionally recently, VMware complained at me that I had VT disabled in the BIOS, and that it couldn't load the hypervisor. Sure enough, I had to reboot and flip a setting in the BIOS.

And I may just have mentioned two ways to keep Blue Pill from loading in the first place...

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

