Hacker Defeats Hardware-based Rootkit Detection

Hacker Defeats Hardware-based Rootkit Detection 126

Posted by CmdrTaco on Sunday March 04, 2007 @12:00PM from the immovable-object-vs-unstoppable-force dept.

Manequintet writes "Joanna Rutkowska's latest bit of rootkit-related research shatters the myth that hardware-based (PCI cards or FireWire bus) RAM acquisition is the most reliable and secure way to do forensics. At this year's Black Hat Federal conference, she demonstrated three different attacks against AMD64 based systems, showing how the image of volatile memory (RAM) can be made different from the real contents of the physical memory as seen by the CPU. The overall problem, Rutkowska explained, is the design of the system that makes it impossible to reliably read memory from computers. "Maybe we should rethink the design of our computer systems so they they are somehow verifiable," she said."

Hacker Defeats Hardware-based Rootkit Detection

This discussion has been archived. No new comments can be posted.

Search 126 Comments Log In/Create an Account

Comments Filter:

Re:Why does this chick get so much press on Slashd (Score:2, Funny)

by Hal_Porter ( 817932 ) writes: on Sunday March 04, 2007 @12:55PM (#18227220)

To be honest though, the sharp knees ruin it for me.

Plus when you think about it, sperm is the ultimate malware.

She's a girl (Score:5, Funny)

by LS ( 57954 ) writes: on Sunday March 04, 2007 @01:09PM (#18227342) Homepage

and reasonably cute, blah blah basement blah blah over 30 blah blah imaginary blah blah

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Hacker Defeats Hardware-based Rootkit Detection 126

Hacker Defeats Hardware-based Rootkit Detection More Login

Hacker Defeats Hardware-based Rootkit Detection

Re:Why does this chick get so much press on Slashd (Score:2, Funny)

She's a girl (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot