funsec mailing list archives

Re: the end is nigh, smm exploit, rootkits, etc. all that fun

From: Bryon Roche <kain () kain org>
Date: Fri, 20 Mar 2009 21:21:46 +0000 (UTC)

On Wed, 18 Mar 2009 17:52:09 -0400, Alex Eckelberry wrote:

Security Researchers Joanna Rutkowska
<http://www.blogger.com/profile/07657268181166351141>  and Loic Duflot
are planning to release a research paper + exploit code for a new SMM
(System Management Mode) rootkit that installs via an Intel(r) CPU
caching vulnerability. Joanna, of blue pill fame,
<http://www.networkworld.com/community/node/18197>  reported this on her
blog


As I recall, SMM mode is only about as old as the pentium pro... I 
suppose this puts a thorn in the side of all those new-fangled 'hardware 
virtualization' systems, but aren't things like imperfectly implemented 
firmware-driven devices, direct DMA devices (firewire), and the like just 
as risky given such a partitioned CPU environment?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

the end is nigh, smm exploit, rootkits, etc. all that fun Alex Eckelberry (Mar 18)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Gadi Evron (Mar 18)
  - Re: the end is nigh, smm exploit, rootkits, etc. all that fun Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 19)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun der Mouse (Mar 18)
- Re: the end is nigh, smm exploit, rootkits, etc. all that fun Bryon Roche (Mar 20)
  - Re: the end is nigh, smm exploit, rootkits, etc. all that fun Larry Seltzer (Mar 20)