[Code-Crunchers] detecting blue pill and BH challenge
Gadi Evron
ge at linuxbox.org
Mon Jul 2 04:47:15 CDT 2007
On 2007-07-02 09:39+0200, Sebastian Krahmer wrote:
>On Fri, 29 Jun 2007, Gadi Evron wrote:
>
>The problem is: if she is right and she can make it 100% invisible,
>how will she prove that she indeed installed a rootkit?
>A 100% invisible rootkit is useless. It's the NULL-rootkit.
>It's pure math, you cannot win ;-)
>
>S.
Only if you want proof. Then, the rootkit can prove it is there. :)
The one thing that bugs me throughout all of this: this is never 100%.
>
>> Hmm, so what do you think the detection technique is?
>>
>> Let's at least have one bet going here, winner gets free beer once, from
>> each of us who talk about the detection options, and from me, too.
>>
>> http://blogs.zdnet.com/security/?p=334
>> http://blogs.zdnet.com/security/?p=340
>>
>> Gadi.
>
>--
>~
>~ perl self.pl
>~ $_='print"\$_=\47$_\47;eval"';eval
>~ krahmer at suse.de - SuSE Security Team
>~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.