Slashdot Mirror


Hacker Defeats Hardware-based Rootkit Detection

Manequintet writes "Joanna Rutkowska's latest bit of rootkit-related research shatters the myth that hardware-based (PCI cards or FireWire bus) RAM acquisition is the most reliable and secure way to do forensics. At this year's Black Hat Federal conference, she demonstrated three different attacks against AMD64-based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU. The overall problem, Rutkowska explained, is the design of the system that makes it impossible to reliably read memory from computers. "Maybe we should rethink the design of our computer systems so they are somehow verifiable," she said."

2 of 126 comments

  1. Why does this chick get so much press on Slashdot by Henry+V+.009 · Score: -1, Troll

    Oh, yeah, the "chick" part. Is that 3 buttons that she's left open in her shirt?

    The basic version of the story for lamers is: since manufacturers for commodity hardware haven't built a special hardware channel for reading the physical memory of the system, the device hacks to do the same thing (PCI cards, usb devices, etc.) can be fooled. What a brilliant woman to deduce that! Genius! I wouldn't mind her barefoot and pregnant in my kitchen, if you know what I mean. *wink* *wink*

    To be honest though, the sharp knees ruin it for me.

  2. Re:Trying to have her cake and eat it too? by Anonymous Coward · Score: -1, Troll

    Why don't you like girls?