Date: Sun, 1 Jul 2007 05:29:31 -0400
From: wac <waldoalvarez00@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Rutkowska faces ‘100% undetectable malware’ challenge, teasing?

Blah blah blah. Please someone tell Rutkowska that we know about what she
calls "blue pill" since we were little kids.

It was exposed *years ago* (1995 to be exact > 12 years) by Mark A. Ludwig
in his Giant Book of Computer viruses Page 391 from American Eagle
Publications, Inc. Chapter "Protected mode stealth"

Basically it was moving the operating system into userland and running the
virus in ring-0, making it almost undetectable. It was called Isnt, not blue
whatever. Yes, well, with Vanderpool technology it should be a lot easier given
the hardware support.

And guess what.. We are still alive even with a POC virus and its source
code available to the public.

I hate that kind of noisy sensationalist press so much. That guy is always
doing it.
And btw I don't believe such a thing to be totally undetectable. There's
always a little catch.

Regards
Waldo


On 6/30/07, Bipin Gautam <gautam.bipin@...il.com> wrote:
>
> hi guys,
>
> ref: http://blogs.zdnet.com/security/?p=334
>
> so are they teasing by making her the impossible challenge at this date?
> :)
>
> honeypot developers have been trying to battle the same issue of
> making the virtual machine emulate guest OS like it is run in real
> hardware since some years now.
>
> ref: http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
>
>
> But if Rutkowska or anyone is able to succeed to make it undetectable
> in current hardware that would be genius!
>
> -bipin
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
