Roy Culley wrote:
> begin risky.vbs
> <1160780646.626981.315300@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
> "Tom Shelton" <tom_shelton@xxxxxxxxxxx> writes:
> >
> > You might want to take a look at "Blue Pill". The prototype was
> > Vista, x64 but according to the above Black Hat:
> >
> > <Quote>
> > Rutkowska stressed that the Blue Pill technology does not rely on
> > any bug of the underlying operating system. "I have implemented a
> > working prototype for Vista x64, but I see no reasons why it should
> > not be possible to port it to other operating systems, like Linux or
> > BSD which can be run on x64 platform," she added.
> > </Quote>
> >
> > This is one that maybe the Linux people should be worried about as
> > well.
>
> And I'm sure they will. I read about Blue Pill a couple of months or
> more ago but little has been mentioned of it since. Is it a viable
> attack vector or not?
>
Since reading this I've been doing a little research. From what I'm
gathering, it appears that Blue Pill may not be what it is cracked up
to be:
http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html
Linked to from Roy S.'s rebuttal. Essentially, this guy (from Xen) is
saying that not only is BP detectable, the whole concept is flawed and
probably impossible.
--
Tom Shelton