Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Defeats Hardware-based Rootkit Detection

Posted by CmdrTaco on from the immovable-object-vs-unstoppable-force dept.

Manequintet writes "Joanna Rutkowska's latest bit of rootkit-related research shatters the myth that hardware-based (PCI cards or FireWire bus) RAM acquisition is the most reliable and secure way to do forensics. At this year's Black Hat Federal conference, she demonstrated three different attacks against AMD64 based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU. The overall problem, Rutkowska explained, is the design of the system that makes it impossible to reliably read memory from computers. "Maybe we should rethink the design of our computer systems so they they are somehow verifiable," she said."

2 of 126 comments (clear)

  1. Re:Why does this chick get so much press on Slashd by Hal_Porter · · Score: 2, Funny

    To be honest though, the sharp knees ruin it for me.

    Plus when you think about it, sperm is the ultimate malware.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  2. She's a girl by LS · · Score: 4, Funny

    and reasonably cute, blah blah basement blah blah over 30 blah blah imaginary blah blah

    --
    There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie