tag:blogger.com,1999:blog-24586388.post360542347844086177..comments2023-11-24T09:52:43.963+01:00Comments on The Invisible Things Lab's blog: Quest to The CoreJoanna Rutkowskahttp://www.blogger.com/profile/07657268181166351141noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-24586388.post-2639769284979917392009-06-25T14:30:55.592+02:002009-06-25T14:30:55.592+02:00@Joanna: Great! We will have to wait until then......@Joanna: Great! We will have to wait until then... maybe clues can be found if Intel releases fixes in the mean time :PMartin Tnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-33579482781303873352009-06-25T14:16:51.598+02:002009-06-25T14:16:51.598+02:00@Martin: as usual we will publish the slides and c...@Martin: as usual we will publish the slides and code within a few days after the conference.Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-7685677271306074232009-06-25T13:40:13.128+02:002009-06-25T13:40:13.128+02:00Sounds really cool with this ring -3 stuff.
I was...Sounds really cool with this ring -3 stuff.<br /><br />I was so excited about your SMM attack. I remember when reading about SMM in Intel manuals back in '98 (it was there before, to be sure) there was something uncomfortable about the technology. I don't pretend to have foreseen your attack, I actually wasn't so concerned about the security aspect but more about the fact that the BIOS was so much in control even post boot and that there were things you as a user/programmer couldn't control even from ring 0(the BIOS can lock the SMM memory area, it can set port writes to triger SMM -- from any operating mode -- etc.).<br />So when I saw your exploit I still somehow thought my concerns on SMM were confirmed, albeit in a different way :)<br /><br />Back to the -3 stuff one can only wonder what it is? Something related to TXT (bugs in authenticated modules, such as SINIT?), exploits in the chipset, in other CPU's on the mainboard (guess it wouldn't really be ring-3 in the usual sense)? Or something totally crazy like exploits of microcode bugs perhaps even subversion of the microcode update feature to get custom microcode running?Really puts your imagination at work - Knowing your past record I'm sure it will be great and will represent totally novel stuff! Looking forward to see the revelation! Too bad I can't be there to see it at Blackhat.Martin Tnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-53836714440800061652009-06-11T19:59:23.202+02:002009-06-11T19:59:23.202+02:00thanks for share it ,
Nimathanks for share it ,<br /><br />NimaAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-28451921723679384672009-06-11T18:49:04.367+02:002009-06-11T18:49:04.367+02:00Sources? You're asking *us* about sources? Tho...Sources? You're asking *us* about sources? Thought we already have established ourselves as The Ones Who Publishes The Code...Joanna Rutkowskahttps://www.blogger.com/profile/07657268181166351141noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-69573925031501359632009-06-11T11:13:19.979+02:002009-06-11T11:13:19.979+02:00and not ine har2009? :-(
marcand not ine har2009? :-(<br />marcea1xhttps://www.blogger.com/profile/07053413353187311297noreply@blogger.comtag:blogger.com,1999:blog-24586388.post-18490851791120839382009-06-10T06:51:46.079+02:002009-06-10T06:51:46.079+02:00Hmm, sounds interesting. Is there will be any sour...Hmm, sounds interesting. Is there will be any sources of that rootkit?MaDnoreply@blogger.comtag:blogger.com,1999:blog-24586388.post-20461459543267950372009-06-09T22:20:30.236+02:002009-06-09T22:20:30.236+02:00Great news.Great news.davaeronhttps://www.blogger.com/profile/14684830632464061773noreply@blogger.com