[Code-Crunchers] detecting blue pill and BH challenge
Sebastian Krahmer
krahmer at suse.de
Mon Jul 2 06:09:26 CDT 2007
On Mon, 2 Jul 2007, Gadi Evron wrote:
IMHO you can theoretically prove that 100% invisible is not
possible. It's like how you can't prove that you wrote
the most optimizing compiler or you solved the
halting problem. It's just 100-eps% and eps is very small
and depends on how clever your counterpart is.
l8er,
S.
> On 2007-07-02 09:39+0200, Sebastian Krahmer wrote:
> >On Fri, 29 Jun 2007, Gadi Evron wrote:
> >
> >The problem is: if she is right and she can make it 100% invisible,
> >how will she prove that she indeed installed a rootkit?
> >A 100% invisible rootkit is useless. It's the NULL-rootkit.
> >It's pure math, you cannot win ;-)
> >
> >S.
>
> Only if you want proof. Then, the rootkit can prove it is there. :)
>
> The one thing that bugs me throughout all of this: this is never 100%.
>
>
> >
> > > Hmm, so what do you think the detection technique is?
> > >
> > > Let's at least have one bet going here, winner gets free beer once, from
> > > each of us who talk about the detection options, and from me, too.
> > >
> > > http://blogs.zdnet.com/security/?p=334
> > > http://blogs.zdnet.com/security/?p=340
> > >
> > > Gadi.
> >
> >--
> > ~
> > ~ perl self.pl
> > ~ $_='print"\$_=\47$_\47;eval"';eval
> > ~ krahmer at suse.de - SuSE Security Team
> > ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>
>
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)