[Code-Crunchers] detecting blue pill and BH challenge
Fionnbharr
thouth at gmail.com
Mon Jul 2 08:11:17 CDT 2007
Reading through the C2D errata there seem to be a couple of
interesting ones that might have a bearing on this discussion.
To be exact, AI31, AI75, AI82 and AI88. Love the no work around ;)
On the note of it being 100% undetectable, are we talking about in a
lab or on a mum&dad computer? I know the competition is 5 random
laptops but we can always discuss outside of it.
On 02/07/07, Sebastian Krahmer <krahmer at suse.de> wrote:
> On Mon, 2 Jul 2007, Gadi Evron wrote:
>
> IMHO you can theoretically prove that 100% invisible is not
> possible. It's like that you can't prove that you wrote
> the most optimizing compiler or you solved the
> halting problem. It's just 100-eps% and eps is very small
> and depends on how clever your counterpart is.
>
> l8er,
> S.
>
> > On 2007-07-02 09:39+0200, Sebastian Krahmer wrote:
> > >On Fri, 29 Jun 2007, Gadi Evron wrote:
> > >
> > >The problem is: if she is right and she can make it 100% invisible,
> > >how will she prove that she indeed installed a rootkit?
> > >A 100% invisible rootkit is useless. It's the NULL-rootkit.
> > >It's pure math, you cannot win ;-)
> > >
> > >S.
> >
> > Only if you want proof. Then, the rootkit can prove it is there. :)
> >
> > The one thing that bugs me throughout all of this: this is never 100%.
> >
> >
> > >
> > > > Hmm, so what do you think the detection technique is?
> > > >
> > > > Let's at least have one bet going here, winner gets free beer once, from
> > > > each of us who talk about the detection options, and from me, too.
> > > >
> > > > http://blogs.zdnet.com/security/?p=334
> > > > http://blogs.zdnet.com/security/?p=340
> > > >
> > > > Gadi.
> > > > _______________________________________________
> > > > Code-Crunchers mailing list
> > > > Code-Crunchers at whitestar.linuxbox.org
> > > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> > > >
> > >
> > >--
> > > ~
> > > ~ perl self.pl
> > > ~ $_='print"\$_=\47$_\47;eval"';eval
> > > ~ krahmer at suse.de - SuSE Security Team
> > > ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
> >
> >
>