[Code-Crunchers] detecting blue pill and BH challege
Gadi Evron
ge at linuxbox.org
Tue Jul 3 03:31:22 CDT 2007
On 2007-07-03 10:04+0200, Sebastian Krahmer wrote:
>On Tue, 3 Jul 2007, Gadi Evron wrote:
>
>> >campaign for Mrs. Rutkowska ;-)
>> >
>> >So lets stop discussing things which are impossible from either side :)
>>
>> Whether you are right, or wrong - you just claimed impossibility. Are
>> you any better than claims of 100% ? :)
>Well, its math. For some things you can prove that
>you cant say 'yes' or 'no' to a certain question. :-)
>I can ask my prof for an exact prove if you like :)
Wait 50 years and he will give you a different one. :)
>
>l8er,
>S.
>
>>
>> >
>> >l8er,
>> >S.
>> >
>> > > > >The problem is: if she is right and she can make it 100% invisible,
>> > > > >how will she proove that she indeed installed a rootkit?
>> > > > >A 100% invislble rootkit is useless. Its the NULL-rootkit.
>> > > > >Its pure math, you cannot win ;-)
>> > > >
>> > > >Only if you want proof. Then, the rootkit can prove it is there. :)
>> > >
>> > > Right. It can display a message or something, though that proves only
>> > > that something is running. It might be just a little TSR that displays a
>> > > message. We would have have to trust her on that.
>> > >
>> > > >The on ething that bugs me through-out all of this: this is never 100%.
>> > >
>> > > Which is exactly our claim - it cannot be done 100% in hardware.
>> > > Software, of course, is another matter entirely, but no-one is even close
>> > > to that yet.
>> > >
>> >> _______________________________________________
>> > > Code-Crunchers mailing list
>> > > Code-Crunchers at whitestar.linuxbox.org
>> > > http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
>> > >
>> >
>> >--
>> > ~
>> > ~ perl self.pl
>> > ~ $_='print"\$_=\47$_\47;eval"';eval
>> > ~ krahmer at suse.de - SuSE Security Team
>> > ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
>> >
>> >_______________________________________________
>> >Code-Crunchers mailing list
>> >Code-Crunchers at whitestar.linuxbox.org
>> >http://whitestar.linuxbox.org/mailman/listinfo/code-crunchers
>>
>>
>
>--
>~
>~ perl self.pl
>~ $_='print"\$_=\47$_\47;eval"';eval
>~ krahmer at suse.de - SuSE Security Team
>~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
--
"beepbeep it, i leave work, stop reading sec lists and im still hearing
gadi"
- HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 2007.
More information about the Code-Crunchers
mailing list