Thursday, August 10, 2006

Geek to Me

And technical security people wonder why no one listens to them, from here:
During her talk, she described how scripts can be used to allocate excess amounts of memory to a process, forcing the target system to page out unused code and drivers. At this stage, Rutkowska showed how shell code could be executed inside one of the unused drivers, completely defeating the new device driver signing policy being implemented in Vista to only allow digitally signed drivers to load into the kernel.

Rutkowska created a one-click tool to plant the rootkit and used special heuristics to automatically find out how much memory should be allocated to "knock the unused driver."

The shell code used in the demo successfully disabled signature checking in the rooted machine, rendering the system vulnerable to the loading of unsigned drivers.
Rutkowska said Microsoft should consider forbidding raw disk access from user mode, or encrypting pagefile to keep it in kernel non-paged memory. This may cause some performance impact, she said.

A third possible solution is to disable kernel memory paging entirely, Rutkowska said.
It's a nasty, complicated subject that most people don't have the time to worry about. Most people have a profession apart from from computers and they'd sooner live without them than have to worry about all the intracacies of a product that grows more complicated every day.

On a related site I caught the following pic:

I was looking this picture from top to bottom and I was like "oh yeah I like Coke, and mmm fired rice, that's what I ate all weekend, and that chair looks exactly like my office chair, and OMG my game!" I knew right away that I needed to post a disclaimer noting that this is not my office. My actual office is mildly more presentable.

No comments: