
Re: Nitin Kumar & Vipin Kumar: "please remember to give necessary credit to: msg#00060

security.dailydave

Subject: Re: Nitin Kumar & Vipin Kumar: "please remember to give necessary credit to the authors" PKB.

On 26 April 2007 22:29, Joanna Rutkowska wrote:

> If I'm mistaken and if this attack worked indeed on Vista with
> Bitlocker/TPM enabled, then it would be a *very* nice piece of work! But
> it clearly seems it does not...

I can't say for certain, but I don't see them claiming to have defeated it,
so I think you're most likely right.

> Personally I prefer attacks which allow one to get into kernel on the
> fly, without reboot ;)

Heh, I have the facilities available to me to write custom USB devices.
I've managed to make the kernel divide by zero entirely accidentally, but I
haven't had time to try finding an exploitable overflow. I just *know* they
must be there, though.

> Still, however, I must say I very much enjoyed
> the work by Derek Soeder and also later by John Heasman -- please note
> however that they did not present it as "kernel compromising attacks",
> but rather as "persistence technology for malware"...

I was very impressed by their ndis-hooking keylogger and its simple
technique for exfiltration. Although I'm sure quite a lot of IDSen will trip
on it, so it may not be covert, it is very clever, and done in a very small
amount of code.

cheers,
DaveK
--
Can't think of a witty .sigline today....

