[Code-Crunchers] detecting blue pill and BH challege

Sebastian Krahmer krahmer at suse.de
Tue Jul 3 03:04:08 CDT 2007 

On Tue, 3 Jul 2007, Gadi Evron wrote:

> >campaign for Mrs. Rutkowska ;-)
> >
> >So lets stop discussing things which are impossible from either side :)
> 
> Whether you are right, or wrong - you just claimed impossibility. Are
> you any better than claims of 100% ?  :)
Well, its math. For some things you can prove that
you cant say 'yes' or 'no' to a certain question. :-)
I can ask my prof for an exact prove if you like :)

l8er,
S.

> 
> >
> >l8er,
> >S.
> >
> > > > >The problem is: if she is right and she can make it 100% invisible,
> > > > >how will she proove that she indeed installed a rootkit?
> > > > >A 100% invislble rootkit is useless. Its the NULL-rootkit.
> > > > >Its pure math, you cannot win ;-)
> > > >
> > > >Only if you want proof. Then, the rootkit can prove it is there. :)
> > > 
> > > Right.  It can display a message or something, though that proves only
> > > that something is running.  It might be just a little TSR that displays a
> > > message.  We would have have to trust her on that.
> > > 
> > > >The on ething that bugs me through-out all of this: this is never 100%.
> > > 
> > > Which is exactly our claim - it cannot be done 100% in hardware.
> > > Software, of course, is another matter entirely, but no-one is even close
> > > to that yet.
> > >  
> >> _______________________________________________
> > > Code-Crunchers mailing list
> > > Code-Crunchers at whitestar.linuxbox.org
> > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> > > 
> >
> >-- 
> > ~
> > ~ perl self.pl
> > ~ $_='print"\$_=\47$_\47;eval"';eval
> > ~ krahmer at suse.de - SuSE Security Team
> > ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
> >
> >_______________________________________________
> >Code-Crunchers mailing list
> >Code-Crunchers at whitestar.linuxbox.org
> >http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
> 
> 

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

More information about the Code-Crunchers mailing list