| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <eh8jlv$uaa$1@sea.gmane.org>
Date: Thu, 19 Oct 2006 20:29:02 +0100
From: "Dave \"No, not that one\" Korn" <davek_throwaway@...mail.com>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: Genetic method to detect the presence of
anyvirtual machine
Bipin Gautam wrote:
> Microsoft Virtual Machine & VMWARE information disclosure
> Vulnerability
>
> Note: Though not limited to these two products, this trick can be used
> as an genetic method to detect the presence of any virtual machine
Gene*R*ic. The word you're looking for is "generic". Genetic means to do
with DNA and stuff. Generic means universal, widespread, non-branded.
> (Query Output inside Microsoft Virtual Machine)
> Motherboard:
> Company Brnad Name: Vmware, Inc VMware
>
> Video Chipset & Video Memory information
>
> System Manufacturer : VMware, Inc
> Product Name: VMware Virtual Platform
> ( Output inside VMWARE )
> Company Brnad Name: Microsoft Corporation Virtual Machine
> Motherboard Modal: Microsoft Corporation Virtual Machine
I think you got the two sets of query outputs mixed up as well.
> Quering just few of the above mentioned information from inside the
> virtual machine can IMMIDIATELY PROVE the presense of virtual machine,
> not the actual system.
True. Is it possible to change them, short of binary patching the vm
executable?
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists