__/ [ Tom Shelton ] on Saturday 14 October 2006 00:37 \__
>
> Roy Schestowitz wrote:
>> __/ [ Roy Culley ] on Saturday 14 October 2006 00:09 \__
>>
>> > begin risky.vbs
>> > <1160780646.626981.315300@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
>> > "Tom Shelton" <tom_shelton@xxxxxxxxxxx> writes:
>> >>
>> >> You might want to take a look at "Blue Pill". The prototype was
>> >> Vista,x64 but according to the above Black Hat:
>> >>
>> >> <Quote>
>> >> Rutkowska stressed that the Blue Pill technology does not rely on
>> >> any bug of the underlying operating system. "I have implemented a
>> >> working prototype for Vista x64, but I see no reasons why it should
>> >> not be possible to port it to other operating systems, like Linux or
>> >> BSD which can be run on x64 platform," she added.
>> >> </Quote>
>> >>
>> >> This is one that maybe the Linux people should be worried about as
>> >> well.
>> >
>> > And I'm sure they will. I read about Blue Pill a couple of months or
>> > more ago but little has been mentioned of it since. Is it a viable
>> > attack vector or not?
>>
>> I can only see Windows mentioned.
>>
>> http://en.wikipedia.org/wiki/Blue_pill_%28malware%29
>>
>> The last time I heard about a 'flaw' that compromised Apple's OS X and
>> GNU/Linux it was "a joke" (Firefox FUD). It seems like trolling
>> (hypothetical) which intensifies the magnitude of the issue and attracts
>> media attention.
>>
>> Best wishes,
>>
>> Roy
>
> I meant to post the link to the quote and forgot. The quote - from the
> author of Blue Pill - came from:
>
> http://www.eweek.com/article2/0,1895,1983037,00.asp

I could recall that, at the time, some doubt was cast. The Wikipedia page
links to:

http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html

I think you've just mentioned this, actually. There are many doubts when the
east-European hackers (they are really good by the way; see
http://www.infoworld.com/article/06/10/13/42OPanalysts_1.html) argue there's
a flaw. Another recent example would be that Apple so-called wi-fi flaw.
Let's not get into conspiracy theory, but a lot of these 'hacks' are
lavishly publicised in Microsoft-sponsored conferences (more latterly
Firefox was a victim of slander). And Microsoft employs some of these
folks..

Microsoft Secures Vista With LSD

,----[ Quote ]
| In 2003, the group of four Polish security researchers discovered
| the vulnerability that would later be used by others to unleash the
| Blaster worm, but because of distrust over Microsoft's willingness
| to address software flaws at the time, members had to be coaxed
| into sharing their findings.
|
| The group, known as LSD, is now on Microsoft's payroll...
`----

http://www.eweek.com/article2/0,1759,2001963,00.asp?kc=EWRSS03119TX1K0000594

Best wishes,

Roy
--
Roy S. Schestowitz | Kernel panic - more exciting than being /.'ted
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
roy pts/3 cg001a.halls.man Fri Oct 13 20:07 still logged in
http://iuron.com - proposing a non-profit search engine