[Code-Crunchers] detecting blue pill and BH challege
Sebastian Krahmer
krahmer at suse.de
Mon Jul 2 02:39:11 CDT 2007
On Fri, 29 Jun 2007, Gadi Evron wrote:
The problem is: if she is right and she can make it 100% invisible,
how will she proove that she indeed installed a rootkit?
A 100% invislble rootkit is useless. Its the NULL-rootkit.
Its pure math, you cannot win ;-)
S.
> Hmm, so what do you think the detection technique is?
>
> Let's at least have one bet going here, winner gets free beer once, from
> each of us who talk about the detection options, and from me, too.
>
> http://blogs.zdnet.com/security/?p=334
> http://blogs.zdnet.com/security/?p=340
>
> Gadi.
> _______________________________________________
> Code-Crunchers mailing list
> Code-Crunchers at whitestar.linuxbox.org
> http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
More information about the Code-Crunchers
mailing list