Dailydave mailing list archives

Re: Blue Pill (abusing AMD's virtualization to write rootkits)
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Thu, 29 Jun 2006 23:20:18 +0200

Dave Aitel wrote:
/.../
http://www.eweek.com/article2/0,1895,1983037,00.asp

I guess it's a permanent thing that a new operating system comes out
with new security features and people point out that those features
don't, in any sense of the word, work.

I need to clarify it again: blue pill does not rely on any bug in the
underlying OS, so it's not an MS fault ;)

As to the attack for bypassing the kernel protection... well, it's just
extremely hard to change a general purpose OS into a very secure system
with a 100% protected kernel. MS took a right (IMHO) step towards securing
the kernel and this is *good*. Please remember that just a few months
ago there was a presentation at CanSecWest about how to insert arbitrary
code into the BSD kernel (thus bypassing its famous securelevel protection)
by exploiting another design flaw (SMM vs. X Server)...

joanna.
