Rootkit Could Hide In PCI Cards

← Back to Stories (view on slashdot.org)

Rootkit Could Hide In PCI Cards

Posted by ryuzaki0 on Saturday November 18, 2006 @02:18AM from the or-under-the-bed dept.

Reverse Gear writes "SecurityFocus has an interesting article about a paper published on the possibility of hiding a rootkit in different PCI cards and having the rootkit survive a reboot or cleansing of the hard disk. It seems though that the author of the article doesn't think this would be abused frequently. From the article and paper: '(Because) enough people do not regularly apply security patches to Windows and do not run anti-virus software, there is little immediate need for malware authors to turn to these techniques as a means of deeper compromise.'"

5 of 134 comments (clear)

Min score:

Reason:

Sort:

not sure what I think about this by Pompatus · 2006-11-18 02:32 · Score: 3, Insightful

Moreover, computers that use the Trusted Computing Module to protect the boot process will be immune to this type of rootkit compromise, he wrote.

So basically, this is a well disquised reason to implement the lastest windows DRM

--

----
Squirrel ... It's not just for breakfast anymore
1. Re:not sure what I think about this by empaler · 2006-11-18 03:27 · Score: 3, Insightful
  
  Trusted Computing isn't bad, per se. It's what it is used for.
  I'd love to have uncompromisable equipment.
  Think of it this way; you have a box standing around, just serving. An exploit is found that allows arbitrary code runs, and the particular individual (not a bot) running the arbitrary code scans the hardware, checks it against a list of exploitable units, pulls up the "fix" he needs for that piece of hardware, and bam, you're screwed.
  With TC, you could at least be warned that the equipment is compromised. If you had installed an "unsupported" FW-update to your CD-ROM drive, well, you'd at least know why, but why is the sound card all of a sudden untrustworthy? It seems to work fine...
  But, of course, the emphasis on Trusted Computing isn't end-user security but revenue-stream security. Hooray.
2. Re:not sure what I think about this by Dunbal · 2006-11-18 03:31 · Score: 3, Insightful
  
  Read what it says:
  
  will be immune to this type of rootkit compromise
  
  However the joy of "Trusted Computing" is that when someone finally DOES find a way to crack it, you'll never know and/or never be able to DO anything about it, apart from throw your computer in the trash.
  
  --
  Seven puppies were harmed during the making of this post.
Re:I disagree on this remark: by 4e617474 · 2006-11-18 03:11 · Score: 5, Insightful

Actually, it nagged me enough about software piracy that I switched to Linux.

--
Finally modding someone offtopic when they rant about what "Begging the Question" means: priceless.
Re:Dupe from a year ago. by sm62704 · 2006-11-18 04:26 · Score: 3, Insightful

So it's entirely plausible that Sony actually did try to implement this because at the time they had not yet learned how bad agressive DRM was going to be for their bussiness

Huh? They lost my business, naybe a few other nerds, but I don't see them in chapter 13, 11, or 7. I didn't see anyone go to jail or even fired for it. In fact, I don't see where they sufferred one tiny bit. "He he, we got caught this time. Next time we'll be more careful!"

As will the other slimy, evil multinationals.

--
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest