Exclusive Interview: Going Three Levels Beyond Kernel Rootkits

Status
Not open for further replies.

johnbilicki

Distinguished
Jul 10, 2006
89
0
18,630
I presume 4GB is limiting on a casual-use laptop because Joanna also runs virtual operating systems on her general purpose laptop?

How did you two end up talking about Macs instead of something like rootkits or other things more relative to Joanna's line of work?

As a web developer security is very important though I find it's fairly easy in most regards as attacks, bots, spammers, etc overwhelmingly (though not always) use the same approach methods so there are plenty of patterns that differentiate from normal web traffic. Easy isn't where the fun is though. I'm curious as to the parallels with software in general?
 

johnbilicki

Distinguished
Jul 10, 2006
89
0
18,630
[citation][nom]truehighroller[/nom]I think she has very nice fat looking lips. xD[/citation]

...not to pick a fight truehighroller...but I don't think most women would find such a statement very "welcoming". Nerd girls rock a hundred times more then girls with only cliche interests, but comments such as yours aren't only unwelcome or alienating by most women they annoy those like myself who highly appreciate women with more refined qualities. Show some dignity and respect and stay on topic or please go else where.
 
G

Guest

Guest
Interesting interview, and kudos for treating her as a "security expert" and not as a "female security expert".

In the majority of interviews with young female professionals the interviewer "just have to mention" their hair colour, clothes or makeup. Nice to see a break from that rather tiresome practice
 

Humans think

Distinguished
Jan 15, 2009
178
0
18,680
I also use Macs myself (also windows systems and linux ones), but I had to say it: Alan Dang you sure are an Apple fanboy :p
This woman knows what she is talking about, I think I am in love :)
 
G

Guest

Guest
thx for spending the time to discuss this complex world in easy to understand terminology. good luck with the R-3 presentations!
-austinmc
 

haplo602

Distinguished
Dec 4, 2007
202
0
18,680
read the interview because I was curios about the girl on the picture. turned out to not even be interesting.

f.e. the bluepill thing. ok you can jail the OS into a VM transparently. Now what can you do ? you have to implement a mini OS by yorself into the hypervisor to do anything usefull (i.e. data collection), you need to read the FS, interrupt the network etc. the only usefull thing is to infect the system again after it was cleaned (again you need to know the FS). but since the AV knows you are there, it knows what to do about it.

ok AV vendors are a step behind (or 2), but once they figure out the attack vector and means, you are done and have to come up with a new attack technology. there are only limited options available on each architecture that change with each revision, so the AV companies win in the end by closing all the gaps they know about.

these are only backdoors to break the AV protection or work in a dimension higher than the AV protection. however the usefull data is still on the same level as the AV protection (user space).
 

coolkev99

Distinguished
Jun 2, 2008
109
0
18,680
Interesting... and way over my head. Yet I couldn't help but feel like they were trying to out-geek each others commments.

She is to nerds what nerds are to normal people. Don't get me wrong, much respect and admiration!
 
G

Guest

Guest
A interesting and informative article but there is a lot of self praise and back slapping, seems that these folks are not the geniuses they make them selves out to be:
http://en.wikipedia.org/wiki/Blue_Pill_(malware)
 

bounty

Distinguished
Mar 23, 2006
389
0
18,780
Wayne963, I'm not sure I get your point. They also made red pill and discussed at length in the interview about being able to detect a hypervisor, but that fingerprinting it would be a bitch.

haplo602, that's like arguing that taking control of the memory doesn't get you anywhere, you still have to read the FS, implement sniffing routines etc. While the AV may know it's there, it doesn't have final say. VM says remove kav.exe, kav.exe says 'nooooooooooooooo' as it's being deleted. kav.exe stops bothering VM.
 

haplo602

Distinguished
Dec 4, 2007
202
0
18,680
[citation][nom]bounty[/nom]haplo602, that's like arguing that taking control of the memory doesn't get you anywhere, you still have to read the FS, implement sniffing routines etc. While the AV may know it's there, it doesn't have final say. VM says remove kav.exe, kav.exe says 'nooooooooooooooo' as it's being deleted. kav.exe stops bothering VM.[/citation]

well the issue is as I described. you cannot delete anything from outside the OS unless you ask the OS to do so. and once you do, the AV will catch it.

taking control of the memory only enables you to see what others see. it's like network man-in-the-middle attacks. they too are not detectable (or very hard to do), yet you still have to decode the data you are capturing to use it and you have to interrupt the data stream with very accurate data to alter it. this only leads to content encryption being your last stop.

look at DRM in Vista and expand it to all the data. what you get is a virtualised OS that is a blackbox for the rootkit. so you have control of the memory, but it's no use to you. simple and effective. of course there are performance hits etc., but this we already get with each new windows version :))
 

thejerk

Distinguished
Mar 7, 2009
317
0
18,780
I lost interest in the entire article as soon as she began speaking of how pretty her Mac is... seriously. I don't care how talented she is, now. I'm annoyed.

I just bought my girlfriend a Kate Spade baby bag. I bet Joanna thinks it's beautiful, too.
 
This is so ironic. Talking of security, I spent the last 2 hours getting Bastille to work on SUSE. (lol, it should have been only 10 minutes, but my perl install went to dependency hell).

For those that tun Linux, it's a very good idea to get Bastill up and rnning. Also read: Hacking Linux Exposed 2nd ed

Bastille: http://bastille-linux.sourceforge.net/
 
*damn the submit button and the lack of editing*

Anyways, good to know a few people actually know what the hell they are talinkg about. These people should help the gov't because unlike most at the gov't these people have knowledge. (Cybersecurity any one? :lol: Any one who uses that term should be wiped with CAT5e cable :p).

@Author: WTH is up with the Mac stuff?
 

222222

Distinguished
Jul 16, 2009
3
0
18,510
In 2006 she claimed she created the 100% undetectable rootkit, Blue Pill. When invited to challenge, she rejected unless she is paid 400,000$ to do its rootkit better claiming this is "funny challenge".

So she lied in order to get some publicity.

- stupid claims
- arrogant behavior
 

maximiza

Distinguished
Mar 12, 2007
838
3
19,015
222222 did she dump you or something? probably 400 g's is chump change to her. Look at D.C. I think in general if you have enough resources any I/O system can be compromised. Since people are imperfect there designs will always be imperfect. I had a Ti99/4a too, the speech programing was a blast.
 

Marcus52

Distinguished
Jun 11, 2008
619
0
19,010
[citation][nom]thejerk[/nom]I lost interest in the entire article as soon as she began speaking of how pretty her Mac is... seriously. I don't care how talented she is, now. I'm annoyed.I just bought my girlfriend a Kate Spade baby bag. I bet Joanna thinks it's beautiful, too.[/citation]

If that's all you got from her talk, then you are too clueless to get what she was talking about to begin with. It's good you didn't read the article because it clearly would have been a waste of your time.

The important parts you missed were 1) OS X is no more secure than Windows, and both are more secure than Linux distros, and 2) She'd go with Windows and PC hardware over OS X and Apple's hardware choices unless aesthetics are more important to you than what Windows provides.

If you are out to burst Apple's bubble, as I am, this article is an indictment of Apple's claims, not a fan-girl advertisement.
 
G

Guest

Guest
Nice interview.Well explained concepts and easy to read even for a non-field person
Alan: Please next time do some research on the person you 're interviewing and the subject of the interview (it's what good interviewers do) so the interviewee doesnt have to correct you in every single question.Also, why the so many "hospital" examples? When there are more criticals facilities like control towers that need better security
@all the mac complainers:She was only trying to get a free mac people, like any person would do if it had the chance.
@222222: "When invited to challenge, she rejected unless she is paid 400,000$..." invited to where? and if she charges that much for a challenge why would she practically advertise mac to get a free laptop?
 

scryer_360

Distinguished
Jan 13, 2007
564
0
18,980
...

She wrote BluePill?

Smart girl, she is. Her "Security by Isolation" approach has some sound benefits, but too many inconveniences for the average user. "Normal" people (read: sheep) do not want to have to put up with such things as a virtual environment. Most can't even spell it correctly.

It'd be nice, now that we see hardware supported virtualization, if MS and Mac would start writing their OS's with it in mind. The default load for an OS could be to load the GUI in a virtual environment, with applications in their own virtual environments.

I read the entire article, and was impressed by most of her statements, but my problem with her "Security by Isolation" is that it can also be called "Security by Distance." Its just putting more distance between different "rings" of the system. I can't understand why it doesn't seem to her that there are inherit flaws with this system. For one it doesn't prevent the virtual machine itself from being taken over. Only when you reload the virtual machine would any and all infections be gone, but how often do people reload their machines? So if she opened up her browser, got a keylogger in her "green" machine, then it'd still be able to see a password right?

I agree most retail AV/AS is shit, but still...
 

thejerk

Distinguished
Mar 7, 2009
317
0
18,780
[citation][nom]Marcus52[/nom]If that's all you got from her talk, then you are too clueless to get what she was talking about to begin with. It's good you didn't read the article because it clearly would have been a waste of your time.The important parts you missed were 1) OS X is no more secure than Windows, and both are more secure than Linux distros, and 2) She'd go with Windows and PC hardware over OS X and Apple's hardware choices unless aesthetics are more important to you than what Windows provides.If you are out to burst Apple's bubble, as I am, this article is an indictment of Apple's claims, not a fan-girl advertisement.[/citation]

Trust me, I got all of the points in the article. I'm kinda smart.

And, I own a MacBook, a PC laptop, and a home-built workstation that has a few OSes installed, including OSX. I'm not a fan of any platform. I use what I have to use to get the job finished, period. It's like my cars: the modified VW is fun, the Benz wagon is for hauling the family around.

If I wanted to be taken seriously as a security expert (and I don't) I wouldn't make the first bullet point of my Why I Own the Hardware I Own List a remark about aesthetics.
 
Status
Not open for further replies.